/jre directory? */
JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/" JAVA_DLL, path);
if (access(libjava, F_OK) == 0) {
--- ./jdk/src/macosx/classes/sun/lwawt/macosx/CClipboard.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/classes/sun/lwawt/macosx/CClipboard.java Tue Jun 02 13:49:09 2015 +0300
@@ -57,6 +57,18 @@
}
@Override
+ public synchronized Transferable getContents(Object requestor) {
+ checkPasteboardAndNotify();
+ return super.getContents(requestor);
+ }
+
+ @Override
+ protected synchronized Transferable getContextContents() {
+ checkPasteboardAndNotify();
+ return super.getContextContents();
+ }
+
+ @Override
protected void setContentsNative(Transferable contents) {
FlavorTable flavorMap = getDefaultFlavorTable();
// Don't use delayed Clipboard rendering for the Transferable's data.
@@ -116,13 +128,20 @@
private native void declareTypes(long[] formats, SunClipboard newOwner);
private native void setData(byte[] data, long format);
+ void checkPasteboardAndNotify() {
+ if (checkPasteboardWithoutNotification()) {
+ notifyChanged();
+ lostOwnershipNow(null);
+ }
+ }
+
/**
* Invokes native check whether a change count on the general pasteboard is different
* than when we set it. The different count value means the current owner lost
* pasteboard ownership and someone else put data on the clipboard.
* @since 1.7
*/
- native void checkPasteboard();
+ native boolean checkPasteboardWithoutNotification();
/*** Native Callbacks ***/
private void notifyLostOwnership() {
--- ./jdk/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/classes/sun/lwawt/macosx/CEmbeddedFrame.java Tue Jun 02 13:49:09 2015 +0300
@@ -120,7 +120,7 @@
// it won't be invoced if focuse is moved to a html element
// on the same page.
CClipboard clipboard = (CClipboard) Toolkit.getDefaultToolkit().getSystemClipboard();
- clipboard.checkPasteboard();
+ clipboard.checkPasteboardAndNotify();
}
if (parentWindowActive) {
responder.handleWindowFocusEvent(focused, null);
--- ./jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/classes/sun/lwawt/macosx/CPlatformWindow.java Tue Jun 02 13:49:09 2015 +0300
@@ -488,6 +488,9 @@
} else {
deliverZoom(true);
+ // We need an up to date size of the peer, so we flush the native events
+ // to be sure that there are no setBounds requests in the queue.
+ LWCToolkit.flushNativeSelectors();
this.normalBounds = peer.getBounds();
GraphicsConfiguration config = getPeer().getGraphicsConfiguration();
--- ./jdk/src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/classes/sun/lwawt/macosx/LWCToolkit.java Tue Jun 02 13:49:09 2015 +0300
@@ -833,7 +833,7 @@
/**
* Just spin a single empty block synchronously.
*/
- private static native void flushNativeSelectors();
+ static native void flushNativeSelectors();
@Override
public Clipboard createPlatformClipboard() {
--- ./jdk/src/macosx/native/sun/awt/AWTView.m Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/native/sun/awt/AWTView.m Tue Jun 02 13:49:09 2015 +0300
@@ -889,9 +889,9 @@
// text, or 'text in progress'. We also need to send the event if we get an insert text out of the blue!
// (i.e., when the user uses the Character palette or Inkwell), or when the string to insert is a complex
// Unicode value.
- NSUInteger utf8Length = [aString lengthOfBytesUsingEncoding:NSUTF8StringEncoding];
+ NSUInteger utf16Length = [aString lengthOfBytesUsingEncoding:NSUTF16StringEncoding];
- if ([self hasMarkedText] || !fProcessingKeystroke || (utf8Length > 1)) {
+ if ([self hasMarkedText] || !fProcessingKeystroke || (utf16Length > 2)) {
JNIEnv *env = [ThreadUtilities getJNIEnv];
static JNF_MEMBER_CACHE(jm_selectPreviousGlyph, jc_CInputMethod, "selectPreviousGlyph", "()V");
--- ./jdk/src/macosx/native/sun/awt/CClipboard.m Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/macosx/native/sun/awt/CClipboard.m Tue Jun 02 13:49:09 2015 +0300
@@ -171,6 +171,8 @@
else [args removeLastObject];
}
+
+
- (void) checkPasteboard:(id)application {
AWT_ASSERT_APPKIT_THREAD;
@@ -202,6 +204,19 @@
}
}
+- (BOOL) checkPasteboardWithoutNotification:(id)application {
+ AWT_ASSERT_APPKIT_THREAD;
+
+ NSInteger newChangeCount = [[NSPasteboard generalPasteboard] changeCount];
+
+ if (fChangeCount != newChangeCount) {
+ fChangeCount = newChangeCount;
+ return YES;
+ } else {
+ return NO;
+ }
+}
+
@end
/*
@@ -348,16 +363,17 @@
* Method: checkPasteboard
* Signature: ()V
*/
-JNIEXPORT void JNICALL Java_sun_lwawt_macosx_CClipboard_checkPasteboard
-(JNIEnv *env, jobject inObject )
+JNIEXPORT jboolean JNICALL Java_sun_lwawt_macosx_CClipboard_checkPasteboardWithoutNotification
+(JNIEnv *env, jobject inObject)
{
+ __block BOOL ret = NO;
JNF_COCOA_ENTER(env);
-
[ThreadUtilities performOnMainThreadWaiting:YES block:^(){
- [[CClipboard sharedClipboard] checkPasteboard:nil];
+ ret = [[CClipboard sharedClipboard] checkPasteboardWithoutNotification:nil];
}];
-
+
JNF_COCOA_EXIT(env);
+ return ret;
}
--- ./jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/AESCrypt.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -37,7 +37,7 @@
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
-import java.util.Arrays;
+import java.security.MessageDigest;
/**
* Rijndael --pronounced Reindaal-- is a symmetric cipher with a 128-bit
@@ -88,7 +88,7 @@
key.length + " bytes");
}
- if (!Arrays.equals(key, lastKey)) {
+ if (!MessageDigest.isEqual(key, lastKey)) {
// re-generate session key 'sessionK' when cipher key changes
makeSessionKey(key);
lastKey = key.clone(); // save cipher key
--- ./jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/CipherCore.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -568,7 +568,7 @@
// check key+iv for encryption in GCM mode
requireReinit =
Arrays.equals(ivBytes, lastEncIv) &&
- Arrays.equals(keyBytes, lastEncKey);
+ MessageDigest.isEqual(keyBytes, lastEncKey);
if (requireReinit) {
throw new InvalidAlgorithmParameterException
("Cannot reuse iv for GCM encryption");
--- ./jdk/src/share/classes/com/sun/crypto/provider/DESKey.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/DESKey.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package com.sun.crypto.provider;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@@ -113,7 +114,7 @@
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatKey);
+ boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}
--- ./jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/DESedeKey.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package com.sun.crypto.provider;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.InvalidKeyException;
import javax.crypto.SecretKey;
@@ -114,7 +115,7 @@
return false;
byte[] thatKey = ((SecretKey)obj).getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatKey);
+ boolean ret = MessageDigest.isEqual(this.key, thatKey);
java.util.Arrays.fill(thatKey, (byte)0x00);
return ret;
}
--- ./jdk/src/share/classes/com/sun/crypto/provider/GCTR.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/GCTR.java Tue Jun 02 13:49:09 2015 +0300
@@ -38,7 +38,17 @@
* under section 6.5. It needs to be constructed w/ an initialized
* cipher object, and initial counter block(ICB). Given an input X
* of arbitrary length, it processes and returns an output which has
- * the same length as X.
+ * the same length as X. The invariants of this class are:
+ *
+ * (1) The length of intialCounterBlk (and also of its clones, e.g.,
+ * fields counter and counterSave) is equal to AES_BLOCK_SIZE.
+ *
+ * (2) After construction, the field counter never becomes null, it
+ * always contains a byte array of length AES_BLOCK_SIZE.
+ *
+ * If any invariant is broken, failures can occur because the
+ * AESCrypt.encryptBlock method can be intrinsified on the HotSpot VM
+ * (see JDK-8067648 for details).
*
* This function is used in the implementation of GCM mode.
*
@@ -59,6 +69,10 @@
// NOTE: cipher should already be initialized
GCTR(SymmetricCipher cipher, byte[] initialCounterBlk) {
this.aes = cipher;
+ if (initialCounterBlk.length != AES_BLOCK_SIZE) {
+ throw new RuntimeException("length of initial counter block (" + initialCounterBlk.length +
+ ") not equal to AES_BLOCK_SIZE (" + AES_BLOCK_SIZE + ")");
+ }
this.icb = initialCounterBlk;
this.counter = icb.clone();
}
@@ -137,6 +151,8 @@
* Restores the content of this object to the previous saved one.
*/
void restore() {
- this.counter = this.counterSave;
+ if (this.counterSave != null) {
+ this.counter = this.counterSave;
+ }
}
}
--- ./jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/PBEKey.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package com.sun.crypto.provider;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.SecretKey;
@@ -107,7 +108,7 @@
return false;
byte[] thatEncoded = that.getEncoded();
- boolean ret = java.util.Arrays.equals(this.key, thatEncoded);
+ boolean ret = MessageDigest.isEqual(this.key, thatEncoded);
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
--- ./jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/crypto/provider/PBKDF2KeyImpl.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -30,6 +30,7 @@
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.util.Arrays;
+import java.security.MessageDigest;
import java.security.KeyRep;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
@@ -152,7 +153,7 @@
SecretKey sk = (SecretKey)obj;
return prf.getAlgorithm().equalsIgnoreCase(
sk.getAlgorithm()) &&
- Arrays.equals(password, sk.getEncoded());
+ MessageDigest.isEqual(password, sk.getEncoded());
}
};
prf.init(macKey);
@@ -238,7 +239,7 @@
if (!(that.getFormat().equalsIgnoreCase("RAW")))
return false;
byte[] thatEncoded = that.getEncoded();
- boolean ret = Arrays.equals(key, that.getEncoded());
+ boolean ret = MessageDigest.isEqual(key, that.getEncoded());
java.util.Arrays.fill(thatEncoded, (byte)0x00);
return ret;
}
--- ./jdk/src/share/classes/com/sun/jndi/dns/DnsClient.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/com/sun/jndi/dns/DnsClient.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -184,119 +184,124 @@
Exception caughtException = null;
boolean[] doNotRetry = new boolean[servers.length];
- //
- // The UDP retry strategy is to try the 1st server, and then
- // each server in order. If no answer, double the timeout
- // and try each server again.
- //
- for (int retry = 0; retry < retries; retry++) {
+ try {
+ //
+ // The UDP retry strategy is to try the 1st server, and then
+ // each server in order. If no answer, double the timeout
+ // and try each server again.
+ //
+ for (int retry = 0; retry < retries; retry++) {
- // Try each name server.
- for (int i = 0; i < servers.length; i++) {
- if (doNotRetry[i]) {
- continue;
- }
-
- // send the request packet and wait for a response.
- try {
- if (debug) {
- dprint("SEND ID (" + (retry + 1) + "): " + xid);
+ // Try each name server.
+ for (int i = 0; i < servers.length; i++) {
+ if (doNotRetry[i]) {
+ continue;
}
- byte[] msg = null;
- msg = doUdpQuery(pkt, servers[i], serverPorts[i],
- retry, xid);
- //
- // If the matching response is not got within the
- // given timeout, check if the response was enqueued
- // by some other thread, if not proceed with the next
- // server or retry.
- //
- if (msg == null) {
- if (resps.size() > 0) {
- msg = lookupResponse(xid);
+ // send the request packet and wait for a response.
+ try {
+ if (debug) {
+ dprint("SEND ID (" + (retry + 1) + "): " + xid);
}
- if (msg == null) { // try next server or retry
+
+ byte[] msg = null;
+ msg = doUdpQuery(pkt, servers[i], serverPorts[i],
+ retry, xid);
+ //
+ // If the matching response is not got within the
+ // given timeout, check if the response was enqueued
+ // by some other thread, if not proceed with the next
+ // server or retry.
+ //
+ if (msg == null) {
+ if (resps.size() > 0) {
+ msg = lookupResponse(xid);
+ }
+ if (msg == null) { // try next server or retry
+ continue;
+ }
+ }
+ Header hdr = new Header(msg, msg.length);
+
+ if (auth && !hdr.authoritative) {
+ caughtException = new NameNotFoundException(
+ "DNS response not authoritative");
+ doNotRetry[i] = true;
continue;
}
- }
- Header hdr = new Header(msg, msg.length);
+ if (hdr.truncated) { // message is truncated -- try TCP
- if (auth && !hdr.authoritative) {
- caughtException = new NameNotFoundException(
- "DNS response not authoritative");
- doNotRetry[i] = true;
- continue;
- }
- if (hdr.truncated) { // message is truncated -- try TCP
+ // Try each server, starting with the one that just
+ // provided the truncated message.
+ for (int j = 0; j < servers.length; j++) {
+ int ij = (i + j) % servers.length;
+ if (doNotRetry[ij]) {
+ continue;
+ }
+ try {
+ Tcp tcp =
+ new Tcp(servers[ij], serverPorts[ij]);
+ byte[] msg2;
+ try {
+ msg2 = doTcpQuery(tcp, pkt);
+ } finally {
+ tcp.close();
+ }
+ Header hdr2 = new Header(msg2, msg2.length);
+ if (hdr2.query) {
+ throw new CommunicationException(
+ "DNS error: expecting response");
+ }
+ checkResponseCode(hdr2);
- // Try each server, starting with the one that just
- // provided the truncated message.
- for (int j = 0; j < servers.length; j++) {
- int ij = (i + j) % servers.length;
- if (doNotRetry[ij]) {
- continue;
- }
- try {
- Tcp tcp =
- new Tcp(servers[ij], serverPorts[ij]);
- byte[] msg2;
- try {
- msg2 = doTcpQuery(tcp, pkt);
- } finally {
- tcp.close();
+ if (!auth || hdr2.authoritative) {
+ // Got a valid response
+ hdr = hdr2;
+ msg = msg2;
+ break;
+ } else {
+ doNotRetry[ij] = true;
+ }
+ } catch (Exception e) {
+ // Try next server, or use UDP response
}
- Header hdr2 = new Header(msg2, msg2.length);
- if (hdr2.query) {
- throw new CommunicationException(
- "DNS error: expecting response");
- }
- checkResponseCode(hdr2);
+ } // servers
+ }
+ return new ResourceRecords(msg, msg.length, hdr, false);
- if (!auth || hdr2.authoritative) {
- // Got a valid response
- hdr = hdr2;
- msg = msg2;
- break;
- } else {
- doNotRetry[ij] = true;
- }
- } catch (Exception e) {
- // Try next server, or use UDP response
- }
- } // servers
- }
- return new ResourceRecords(msg, msg.length, hdr, false);
-
- } catch (IOException e) {
- if (debug) {
- dprint("Caught IOException:" + e);
- }
- if (caughtException == null) {
- caughtException = e;
- }
- // Use reflection to allow pre-1.4 compilation.
- // This won't be needed much longer.
- if (e.getClass().getName().equals(
- "java.net.PortUnreachableException")) {
+ } catch (IOException e) {
+ if (debug) {
+ dprint("Caught IOException:" + e);
+ }
+ if (caughtException == null) {
+ caughtException = e;
+ }
+ // Use reflection to allow pre-1.4 compilation.
+ // This won't be needed much longer.
+ if (e.getClass().getName().equals(
+ "java.net.PortUnreachableException")) {
+ doNotRetry[i] = true;
+ }
+ } catch (NameNotFoundException e) {
+ // This is authoritative, so return immediately
+ throw e;
+ } catch (CommunicationException e) {
+ if (caughtException == null) {
+ caughtException = e;
+ }
+ } catch (NamingException e) {
+ if (caughtException == null) {
+ caughtException = e;
+ }
doNotRetry[i] = true;
}
- } catch (NameNotFoundException e) {
- throw e;
- } catch (CommunicationException e) {
- if (caughtException == null) {
- caughtException = e;
- }
- } catch (NamingException e) {
- if (caughtException == null) {
- caughtException = e;
- }
- doNotRetry[i] = true;
- }
- } // servers
- } // retries
+ } // servers
+ } // retries
- reqs.remove(xid);
+ } finally {
+ reqs.remove(xid); // cleanup
+ }
+
if (caughtException instanceof NamingException) {
throw (NamingException) caughtException;
}
--- ./jdk/src/share/classes/java/io/ObjectInputStream.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/io/ObjectInputStream.java Tue Jun 02 13:49:09 2015 +0300
@@ -1829,6 +1829,8 @@
throws IOException
{
SerialCallbackContext oldContext = curContext;
+ if (oldContext != null)
+ oldContext.check();
curContext = null;
try {
boolean blocked = desc.hasBlockExternalData();
@@ -1853,6 +1855,8 @@
skipCustomData();
}
} finally {
+ if (oldContext != null)
+ oldContext.check();
curContext = oldContext;
}
/*
@@ -1883,12 +1887,12 @@
ObjectStreamClass slotDesc = slots[i].desc;
if (slots[i].hasData) {
- if (obj != null &&
- slotDesc.hasReadObjectMethod() &&
- handles.lookupException(passHandle) == null)
- {
+ if (obj == null || handles.lookupException(passHandle) != null) {
+ defaultReadFields(null, slotDesc); // skip field values
+ } else if (slotDesc.hasReadObjectMethod()) {
SerialCallbackContext oldContext = curContext;
-
+ if (oldContext != null)
+ oldContext.check();
try {
curContext = new SerialCallbackContext(obj, slotDesc);
@@ -1905,6 +1909,8 @@
handles.markException(passHandle, ex);
} finally {
curContext.setUsed();
+ if (oldContext!= null)
+ oldContext.check();
curContext = oldContext;
}
@@ -1917,6 +1923,7 @@
} else {
defaultReadFields(obj, slotDesc);
}
+
if (slotDesc.hasWriteObjectData()) {
skipCustomData();
} else {
--- ./jdk/src/share/classes/java/io/SerialCallbackContext.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/io/SerialCallbackContext.java Tue Jun 02 13:49:09 2015 +0300
@@ -60,6 +60,13 @@
return desc;
}
+ public void check() throws NotActiveException {
+ if (thread != null && thread != Thread.currentThread()) {
+ throw new NotActiveException(
+ "expected thread: " + thread + ", but got: " + Thread.currentThread());
+ }
+ }
+
private void checkAndSetUsed() throws NotActiveException {
if (thread != Thread.currentThread()) {
throw new NotActiveException(
--- ./jdk/src/share/classes/java/net/InetAddress.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/net/InetAddress.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -203,16 +203,33 @@
static transient boolean preferIPv6Address = false;
static class InetAddressHolder {
+ /**
+ * Reserve the original application specified hostname.
+ *
+ * The original hostname is useful for domain-based endpoint
+ * identification (see RFC 2818 and RFC 6125). If an address
+ * was created with a raw IP address, a reverse name lookup
+ * may introduce endpoint identification security issue via
+ * DNS forging.
+ *
+ * Oracle JSSE provider is using this original hostname, via
+ * sun.misc.JavaNetAccess, for SSL/TLS endpoint identification.
+ *
+ * Note: May define a new public method in the future if necessary.
+ */
+ private String originalHostName;
InetAddressHolder() {}
InetAddressHolder(String hostName, int address, int family) {
+ this.originalHostName = hostName;
this.hostName = hostName;
this.address = address;
this.family = family;
}
void init(String hostName, int family) {
+ this.originalHostName = hostName;
this.hostName = hostName;
if (family != -1) {
this.family = family;
@@ -225,6 +242,10 @@
return hostName;
}
+ String getOriginalHostName() {
+ return originalHostName;
+ }
+
/**
* Holds a 32-bit IPv4 address.
*/
--- ./jdk/src/share/classes/java/net/URLClassLoader.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/net/URLClassLoader.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -774,6 +774,10 @@
public URLClassPath getURLClassPath (URLClassLoader u) {
return u.ucp;
}
+
+ public String getOriginalHostName(InetAddress ia) {
+ return ia.holder.getOriginalHostName();
+ }
}
);
ClassLoader.registerAsParallelCapable();
--- ./jdk/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/rmi/server/RemoteObjectInvocationHandler.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,6 +31,7 @@
import java.rmi.Remote;
import java.rmi.UnexpectedException;
import java.rmi.activation.Activatable;
+import java.security.PrivilegedAction;
import java.util.Map;
import java.util.WeakHashMap;
import sun.rmi.server.Util;
@@ -56,6 +57,25 @@
{
private static final long serialVersionUID = 2L;
+ // set to true if invocation handler allows finalize method (legacy behavior)
+ private static final boolean allowFinalizeInvocation;
+
+ static {
+ String propName = "sun.rmi.server.invocationhandler.allowFinalizeInvocation";
+ String allowProp = java.security.AccessController.doPrivileged(
+ new PrivilegedAction() {
+ @Override
+ public String run() {
+ return System.getProperty(propName);
+ }
+ });
+ if ("".equals(allowProp)) {
+ allowFinalizeInvocation = true;
+ } else {
+ allowFinalizeInvocation = Boolean.parseBoolean(allowProp);
+ }
+ }
+
/**
* A weak hash map, mapping classes to weak hash maps that map
* method objects to method hashes.
@@ -144,6 +164,9 @@
{
if (method.getDeclaringClass() == Object.class) {
return invokeObjectMethod(proxy, method, args);
+ } else if ("finalize".equals(method.getName()) && method.getParameterCount() == 0 &&
+ !allowFinalizeInvocation) {
+ return null; // ignore
} else {
return invokeRemoteMethod(proxy, method, args);
}
--- ./jdk/src/share/classes/java/security/Identity.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/security/Identity.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -261,7 +261,7 @@
certificates.addElement(certificate);
}
- private boolean keyEquals(Key aKey, Key anotherKey) {
+ private boolean keyEquals(PublicKey aKey, PublicKey anotherKey) {
String aKeyFormat = aKey.getFormat();
String anotherKeyFormat = anotherKey.getFormat();
if ((aKeyFormat == null) ^ (anotherKeyFormat == null))
--- ./jdk/src/share/classes/java/security/MessageDigest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/security/MessageDigest.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -440,6 +440,10 @@
* @return true if the digests are equal, false otherwise.
*/
public static boolean isEqual(byte[] digesta, byte[] digestb) {
+ if (digesta == digestb) return true;
+ if (digesta == null || digestb == null) {
+ return false;
+ }
if (digesta.length != digestb.length) {
return false;
}
--- ./jdk/src/share/classes/java/security/Signature.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/security/Signature.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1316,7 +1316,7 @@
byte[] out = cipher.doFinal(sigBytes);
byte[] dataBytes = data.toByteArray();
data.reset();
- return Arrays.equals(out, dataBytes);
+ return MessageDigest.isEqual(out, dataBytes);
} catch (BadPaddingException e) {
// e.g. wrong public key used
// return false rather than throwing exception
--- ./jdk/src/share/classes/java/security/cert/X509CRLSelector.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/java/security/cert/X509CRLSelector.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -679,10 +679,14 @@
nowPlusSkew = new Date(dateAndTime.getTime() + skew);
nowMinusSkew = new Date(dateAndTime.getTime() - skew);
}
+
+ // Check that the test date is within the validity interval:
+ // [ thisUpdate - MAX_CLOCK_SKEW,
+ // nextUpdate + MAX_CLOCK_SKEW ]
if (nowMinusSkew.after(nextUpdate)
|| nowPlusSkew.before(crlThisUpdate)) {
if (debug != null) {
- debug.println("X509CRLSelector.match: update out of range");
+ debug.println("X509CRLSelector.match: update out-of-range");
}
return false;
}
--- ./jdk/src/share/classes/javax/crypto/CipherInputStream.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/javax/crypto/CipherInputStream.java Tue Jun 02 13:49:09 2015 +0300
@@ -25,7 +25,11 @@
package javax.crypto;
-import java.io.*;
+import java.io.InputStream;
+import java.io.FilterInputStream;
+import java.io.IOException;
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
/**
* A CipherInputStream is composed of an InputStream and a Cipher so
@@ -88,8 +92,6 @@
private int ofinish = 0;
// stream status
private boolean closed = false;
- // The stream has been read from. False if the stream has never been read.
- private boolean read = false;
/**
* private convenience function.
@@ -101,11 +103,15 @@
* return (ofinish-ostart) (we have this many bytes for you)
* return 0 (no data now, but could have more later)
* return -1 (absolutely no more data)
+ *
+ * Note: Exceptions are only thrown after the stream is completely read.
+ * For AEAD ciphers a read() of any length will internally cause the
+ * whole stream to be read fully and verify the authentication tag before
+ * returning decrypted data or exceptions.
*/
private int getMoreData() throws IOException {
if (done) return -1;
int readin = input.read(ibuffer);
- read = true;
if (readin == -1) {
done = true;
try {
@@ -308,17 +314,16 @@
closed = true;
input.close();
- try {
- // throw away the unprocessed data
- if (!done) {
+
+ // Throw away the unprocessed data and throw no crypto exceptions.
+ // AEAD ciphers are fully readed before closing. Any authentication
+ // exceptions would occur while reading.
+ if (!done) {
+ try {
cipher.doFinal();
}
- }
- catch (BadPaddingException | IllegalBlockSizeException ex) {
- /* If no data has been read from the stream to be en/decrypted,
- we supress any exceptions, and close quietly. */
- if (read) {
- throw new IOException(ex);
+ catch (BadPaddingException | IllegalBlockSizeException ex) {
+ // Catch exceptions as the rest of the stream is unused.
}
}
ostart = 0;
--- ./jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/javax/crypto/spec/SecretKeySpec.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
package javax.crypto.spec;
+import java.security.MessageDigest;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
@@ -226,6 +227,6 @@
byte[] thatKey = ((SecretKey)obj).getEncoded();
- return java.util.Arrays.equals(this.key, thatKey);
+ return MessageDigest.isEqual(this.key, thatKey);
}
}
--- ./jdk/src/share/classes/javax/management/MBeanServerInvocationHandler.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/javax/management/MBeanServerInvocationHandler.java Tue Jun 02 13:49:09 2015 +0300
@@ -141,6 +141,12 @@
if (connection == null) {
throw new IllegalArgumentException("Null connection");
}
+ if (Proxy.isProxyClass(connection.getClass())) {
+ if (MBeanServerInvocationHandler.class.isAssignableFrom(
+ Proxy.getInvocationHandler(connection).getClass())) {
+ throw new IllegalArgumentException("Wrapping MBeanServerInvocationHandler");
+ }
+ }
if (objectName == null) {
throw new IllegalArgumentException("Null object name");
}
@@ -418,6 +424,10 @@
new Class[] {Object.class})
&& isLocal(proxy, method))
return true;
+ if (methodName.equals("finalize")
+ && method.getParameterTypes().length == 0) {
+ return true;
+ }
return false;
}
@@ -453,6 +463,9 @@
connection + "[" + objectName + "])";
} else if (methodName.equals("hashCode")) {
return objectName.hashCode()+connection.hashCode();
+ } else if (methodName.equals("finalize")) {
+ // ignore the finalizer invocation via proxy
+ return null;
}
throw new RuntimeException("Unexpected method name: " + methodName);
--- ./jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java Tue Jun 02 13:49:09 2015 +0300
@@ -32,7 +32,6 @@
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.Permission;
-import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
@@ -59,6 +58,7 @@
import com.sun.jmx.remote.util.ClassLogger;
import com.sun.jmx.remote.util.EnvHelp;
import com.sun.jmx.remote.util.OrderClassLoaders;
+import javax.management.loading.ClassLoaderRepository;
/**
* Implementation of the {@link RMIConnection} interface. User
@@ -131,20 +131,24 @@
final ClassLoader dcl = defaultClassLoader;
- this.classLoaderWithRepository =
- AccessController.doPrivileged(
- new PrivilegedAction() {
- public ClassLoaderWithRepository run() {
- return new ClassLoaderWithRepository(
- mbeanServer.getClassLoaderRepository(),
- dcl);
- }
- },
-
- withPermissions( new MBeanPermission("*", "getClassLoaderRepository"),
- new RuntimePermission("createClassLoader"))
- );
-
+ ClassLoaderRepository repository = AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public ClassLoaderRepository run() {
+ return mbeanServer.getClassLoaderRepository();
+ }
+ },
+ withPermissions(new MBeanPermission("*", "getClassLoaderRepository"))
+ );
+ this.classLoaderWithRepository = AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public ClassLoaderWithRepository run() {
+ return new ClassLoaderWithRepository(
+ repository,
+ dcl);
+ }
+ },
+ withPermissions(new RuntimePermission("createClassLoader"))
+ );
this.defaultContextClassLoader =
AccessController.doPrivileged(
--- ./jdk/src/share/classes/sun/awt/datatransfer/SunClipboard.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/awt/datatransfer/SunClipboard.java Tue Jun 02 13:49:09 2015 +0300
@@ -150,7 +150,7 @@
* AppContext as it is currently retrieved or null otherwise
* @since 1.5
*/
- private synchronized Transferable getContextContents() {
+ protected synchronized Transferable getContextContents() {
AppContext context = AppContext.getAppContext();
return (context == contentsContext) ? contents : null;
}
@@ -281,42 +281,41 @@
return;
}
- final Runnable runnable = new Runnable() {
- public void run() {
- final SunClipboard sunClipboard = SunClipboard.this;
- ClipboardOwner owner = null;
- Transferable contents = null;
-
- synchronized (sunClipboard) {
- final AppContext context = sunClipboard.contentsContext;
-
- if (context == null) {
- return;
- }
-
- if (disposedContext == null || context == disposedContext) {
- owner = sunClipboard.owner;
- contents = sunClipboard.contents;
- sunClipboard.contentsContext = null;
- sunClipboard.owner = null;
- sunClipboard.contents = null;
- sunClipboard.clearNativeContext();
- context.removePropertyChangeListener
- (AppContext.DISPOSED_PROPERTY_NAME, sunClipboard);
- } else {
- return;
- }
- }
- if (owner != null) {
- owner.lostOwnership(sunClipboard, contents);
- }
- }
- };
-
- SunToolkit.postEvent(context, new PeerEvent(this, runnable,
+ SunToolkit.postEvent(context, new PeerEvent(this, () -> lostOwnershipNow(disposedContext),
PeerEvent.PRIORITY_EVENT));
}
+ protected void lostOwnershipNow(final AppContext disposedContext) {
+ final SunClipboard sunClipboard = SunClipboard.this;
+ ClipboardOwner owner = null;
+ Transferable contents = null;
+
+ synchronized (sunClipboard) {
+ final AppContext context = sunClipboard.contentsContext;
+
+ if (context == null) {
+ return;
+ }
+
+ if (disposedContext == null || context == disposedContext) {
+ owner = sunClipboard.owner;
+ contents = sunClipboard.contents;
+ sunClipboard.contentsContext = null;
+ sunClipboard.owner = null;
+ sunClipboard.contents = null;
+ sunClipboard.clearNativeContext();
+ context.removePropertyChangeListener
+ (AppContext.DISPOSED_PROPERTY_NAME, sunClipboard);
+ } else {
+ return;
+ }
+ }
+ if (owner != null) {
+ owner.lostOwnership(sunClipboard, contents);
+ }
+ }
+
+
protected abstract void clearNativeContext();
protected abstract void setContentsNative(Transferable contents);
--- ./jdk/src/share/classes/sun/misc/JavaNetAccess.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/misc/JavaNetAccess.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,10 +26,17 @@
package sun.misc;
import java.net.URLClassLoader;
+import java.net.InetAddress;
public interface JavaNetAccess {
/**
* return the URLClassPath belonging to the given loader
*/
URLClassPath getURLClassPath (URLClassLoader u);
+
+ /**
+ * Return the original application specified hostname of
+ * the given InetAddress object.
+ */
+ String getOriginalHostName(InetAddress ia);
}
--- ./jdk/src/share/classes/sun/security/jgss/GSSUtil.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/jgss/GSSUtil.java Tue Jun 02 13:49:09 2015 +0300
@@ -59,6 +59,8 @@
GSSUtil.createOid("1.2.840.113554.1.2.2");
public static final Oid GSS_KRB5_MECH_OID2 =
GSSUtil.createOid("1.3.5.1.5.2");
+ public static final Oid GSS_KRB5_MECH_OID_MS =
+ GSSUtil.createOid("1.2.840.48018.1.2.2");
public static final Oid GSS_SPNEGO_MECH_OID =
GSSUtil.createOid("1.3.6.1.5.5.2");
@@ -101,7 +103,8 @@
public static boolean isKerberosMech(Oid oid) {
return (GSS_KRB5_MECH_OID.equals(oid) ||
- GSS_KRB5_MECH_OID2.equals(oid));
+ GSS_KRB5_MECH_OID2.equals(oid) ||
+ GSS_KRB5_MECH_OID_MS.equals(oid));
}
--- ./jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/jgss/spnego/SpNegoContext.java Tue Jun 02 13:49:09 2015 +0300
@@ -540,14 +540,21 @@
// get the token for mechanism
byte[] accept_token;
- if (mechList[0].equals(mech_wanted)) {
+ if (mechList[0].equals(mech_wanted) ||
+ (GSSUtil.isKerberosMech(mechList[0]) &&
+ GSSUtil.isKerberosMech(mech_wanted))) {
// get the mechanism token
+ if (DEBUG && !mech_wanted.equals(mechList[0])) {
+ System.out.println("SpNegoContext.acceptSecContext: " +
+ "negotiated mech adjusted to " + mechList[0]);
+ }
byte[] mechToken = initToken.getMechToken();
if (mechToken == null) {
throw new GSSException(GSSException.FAILURE, -1,
"mechToken is missing");
}
accept_token = GSS_acceptSecContext(mechToken);
+ mech_wanted = mechList[0];
} else {
accept_token = null;
}
--- ./jdk/src/share/classes/sun/security/pkcs11/P11Key.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/pkcs11/P11Key.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -165,7 +165,7 @@
} else {
otherEnc = other.getEncoded();
}
- return Arrays.equals(thisEnc, otherEnc);
+ return MessageDigest.isEqual(thisEnc, otherEnc);
}
public int hashCode() {
--- ./jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/pkcs11/wrapper/Functions.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
@@ -447,22 +447,6 @@
/**
* Check the given arrays for equalitiy. This method considers both arrays as
* equal, if both are null or both have the same length and
- * contain exactly the same byte values.
- *
- * @param array1 The first array.
- * @param array2 The second array.
- * @return True, if both arrays are null or both have the same
- * length and contain exactly the same byte values. False, otherwise.
- * @preconditions
- * @postconditions
- */
- public static boolean equals(byte[] array1, byte[] array2) {
- return Arrays.equals(array1, array2);
- }
-
- /**
- * Check the given arrays for equalitiy. This method considers both arrays as
- * equal, if both are null or both have the same length and
* contain exactly the same char values.
*
* @param array1 The first array.
@@ -472,7 +456,7 @@
* @preconditions
* @postconditions
*/
- public static boolean equals(char[] array1, char[] array2) {
+ private static boolean equals(char[] array1, char[] array2) {
return Arrays.equals(array1, array2);
}
--- ./jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/pkcs12/PKCS12KeyStore.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -2012,7 +2012,7 @@
"(MAC algorithm: " + m.getAlgorithm() + ")");
}
- if (!Arrays.equals(macData.getDigest(), macResult)) {
+ if (!MessageDigest.isEqual(macData.getDigest(), macResult)) {
throw new SecurityException("Failed PKCS12" +
" integrity checking");
}
--- ./jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/provider/certpath/OCSPResponse.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -151,8 +151,8 @@
private static final int DEFAULT_MAX_CLOCK_SKEW = 900000;
/**
- * Integer value indicating the maximum allowable clock skew, in seconds,
- * to be used for the OCSP check.
+ * Integer value indicating the maximum allowable clock skew,
+ * in milliseconds, to be used for the OCSP check.
*/
private static final int MAX_CLOCK_SKEW = initializeClockSkew();
@@ -586,13 +586,14 @@
"Unable to verify OCSP Response's signature");
}
- // Check freshness of OCSPResponse
if (nonce != null) {
if (responseNonce != null && !Arrays.equals(nonce, responseNonce)) {
throw new CertPathValidatorException("Nonces don't match");
}
}
+ // Check freshness of OCSPResponse
+
long now = (date == null) ? System.currentTimeMillis() : date.getTime();
Date nowPlusSkew = new Date(now + MAX_CLOCK_SKEW);
Date nowMinusSkew = new Date(now - MAX_CLOCK_SKEW);
@@ -602,13 +603,18 @@
if (sr.nextUpdate != null) {
until = " until " + sr.nextUpdate;
}
- debug.println("Response's validity interval is from " +
+ debug.println("OCSP response validity interval is from " +
sr.thisUpdate + until);
+ debug.println("Checking validity of OCSP response on: " +
+ new Date(now));
}
- // Check that the test date is within the validity interval
- if ((sr.thisUpdate != null && nowPlusSkew.before(sr.thisUpdate)) ||
- (sr.nextUpdate != null && nowMinusSkew.after(sr.nextUpdate)))
+ // Check that the test date is within the validity interval:
+ // [ thisUpdate - MAX_CLOCK_SKEW,
+ // MAX(thisUpdate, nextUpdate) + MAX_CLOCK_SKEW ]
+ if (nowPlusSkew.before(sr.thisUpdate) ||
+ nowMinusSkew.after(
+ sr.nextUpdate != null ? sr.nextUpdate : sr.thisUpdate))
{
throw new CertPathValidatorException(
"Response is unreliable: its validity " +
--- ./jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/provider/certpath/PKIXCertPathValidator.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -159,12 +159,19 @@
ValidatorParams params)
throws CertPathValidatorException
{
+ // check if anchor is untrusted
+ UntrustedChecker untrustedChecker = new UntrustedChecker();
+ X509Certificate anchorCert = anchor.getTrustedCert();
+ if (anchorCert != null) {
+ untrustedChecker.check(anchorCert);
+ }
+
int certPathLen = params.certificates().size();
// create PKIXCertPathCheckers
List certPathCheckers = new ArrayList<>();
// add standard checkers that we will be using
- certPathCheckers.add(new UntrustedChecker());
+ certPathCheckers.add(untrustedChecker);
certPathCheckers.add(new AlgorithmChecker(anchor));
certPathCheckers.add(new KeyChecker(certPathLen,
params.targetCertConstraints()));
--- ./jdk/src/share/classes/sun/security/rsa/RSASignature.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/rsa/RSASignature.java Tue Jun 02 13:49:09 2015 +0300
@@ -27,7 +27,6 @@
import java.io.IOException;
import java.nio.ByteBuffer;
-import java.util.Arrays;
import java.security.*;
import java.security.interfaces.*;
@@ -194,7 +193,7 @@
byte[] decrypted = RSACore.rsa(sigBytes, publicKey);
byte[] unpadded = padding.unpad(decrypted);
byte[] decodedDigest = decodeSignature(digestOID, unpadded);
- return Arrays.equals(digest, decodedDigest);
+ return MessageDigest.isEqual(digest, decodedDigest);
} catch (javax.crypto.BadPaddingException e) {
// occurs if the app has used the wrong RSA public key
// or if sigBytes is invalid
--- ./jdk/src/share/classes/sun/security/ssl/CipherSuite.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/CipherSuite.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -968,7 +968,7 @@
* 1. Prefer Suite B compliant cipher suites, see RFC6460 (To be
* changed later, see below).
* 2. Prefer the stronger bulk cipher, in the order of AES_256(GCM),
- * AES_128(GCM), AES_256, AES_128, 3DES-EDE, RC-4.
+ * AES_128(GCM), AES_256, AES_128, 3DES-EDE.
* 3. Prefer the stronger MAC algorithm, in the order of SHA384,
* SHA256, SHA, MD5.
* 4. Prefer the better performance of key exchange and digital
@@ -1115,20 +1115,6 @@
add("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
0x0013, --p, K_DHE_DSS, B_3DES, N);
- // RC-4
- add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
- 0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
- add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
- 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
- add("SSL_RSA_WITH_RC4_128_SHA",
- 0x0005, --p, K_RSA, B_RC4_128, N);
- add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
- add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
- 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
- add("SSL_RSA_WITH_RC4_128_MD5",
- 0x0004, --p, K_RSA, B_RC4_128, N);
-
// Renegotiation protection request Signalling Cipher Suite Value (SCSV)
add("TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
0x00ff, --p, K_SCSV, B_NULL, T);
@@ -1178,6 +1164,20 @@
add("SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
0x001b, --p, K_DH_ANON, B_3DES, N);
+ // RC-4
+ add("TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ 0xC007, --p, K_ECDHE_ECDSA, B_RC4_128, N);
+ add("TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ 0xC011, --p, K_ECDHE_RSA, B_RC4_128, N);
+ add("SSL_RSA_WITH_RC4_128_SHA",
+ 0x0005, --p, K_RSA, B_RC4_128, N);
+ add("TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ 0xC002, --p, K_ECDH_ECDSA, B_RC4_128, N);
+ add("TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ 0xC00C, --p, K_ECDH_RSA, B_RC4_128, N);
+ add("SSL_RSA_WITH_RC4_128_MD5",
+ 0x0004, --p, K_RSA, B_RC4_128, N);
+
add("TLS_ECDH_anon_WITH_RC4_128_SHA",
0xC016, --p, K_ECDH_ANON, B_RC4_128, N);
add("SSL_DH_anon_WITH_RC4_128_MD5",
--- ./jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/ClientHandshaker.java Tue Jun 02 13:49:09 2015 +0300
@@ -485,7 +485,7 @@
0, clientVerifyData.length);
System.arraycopy(serverVerifyData, 0, verifyData,
clientVerifyData.length, serverVerifyData.length);
- if (!Arrays.equals(verifyData,
+ if (!MessageDigest.isEqual(verifyData,
serverHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ServerHello " +
@@ -675,6 +675,14 @@
// NOTREACHED
}
ephemeralServerKey = mesg.getPublicKey();
+
+ // check constraints of RSA PublicKey
+ if (!algorithmConstraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) {
+
+ throw new SSLHandshakeException("RSA ServerKeyExchange " +
+ "does not comply to algorithm constraints");
+ }
}
@@ -692,6 +700,9 @@
dh = new DHCrypt(mesg.getModulus(), mesg.getBase(),
sslContext.getSecureRandom());
serverDH = mesg.getServerPublicKey();
+
+ // check algorithm constraints
+ dh.checkConstraints(algorithmConstraints, serverDH);
}
private void serverKeyExchange(ECDH_ServerKeyExchange mesg)
@@ -702,6 +713,14 @@
ECPublicKey key = mesg.getPublicKey();
ecdh = new ECDHCrypt(key.getParams(), sslContext.getSecureRandom());
ephemeralServerKey = key;
+
+ // check constraints of EC PublicKey
+ if (!algorithmConstraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), ephemeralServerKey)) {
+
+ throw new SSLHandshakeException("ECDH ServerKeyExchange " +
+ "does not comply to algorithm constraints");
+ }
}
/*
--- ./jdk/src/share/classes/sun/security/ssl/DHCrypt.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/DHCrypt.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,6 +34,7 @@
import javax.crypto.KeyAgreement;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.*;
+import java.util.EnumSet;
import sun.security.util.KeyUtil;
@@ -216,6 +217,28 @@
}
}
+ // Check constraints of the specified DH public key.
+ void checkConstraints(AlgorithmConstraints constraints,
+ BigInteger peerPublicValue) throws SSLHandshakeException {
+
+ try {
+ KeyFactory kf = JsseJce.getKeyFactory("DiffieHellman");
+ DHPublicKeySpec spec =
+ new DHPublicKeySpec(peerPublicValue, modulus, base);
+ DHPublicKey publicKey = (DHPublicKey)kf.generatePublic(spec);
+
+ // check constraints of DHPublicKey
+ if (!constraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
+ throw new SSLHandshakeException(
+ "DHPublicKey does not comply to algorithm constraints");
+ }
+ } catch (GeneralSecurityException gse) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate DHPublicKey").initCause(gse);
+ }
+ }
+
// Generate and validate DHPublicKeySpec
private DHPublicKeySpec generateDHPublicKeySpec(KeyPairGenerator kpg)
throws GeneralSecurityException {
--- ./jdk/src/share/classes/sun/security/ssl/ECDHCrypt.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/ECDHCrypt.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
+import java.util.EnumSet;
import javax.crypto.SecretKey;
import javax.crypto.KeyAgreement;
import javax.net.ssl.SSLHandshakeException;
@@ -88,8 +89,11 @@
return publicKey;
}
- // called by ClientHandshaker with either the server's static or ephemeral public key
- SecretKey getAgreedSecret(PublicKey peerPublicKey) throws SSLHandshakeException {
+ // called by ClientHandshaker with either the server's static or
+ // ephemeral public key
+ SecretKey getAgreedSecret(
+ PublicKey peerPublicKey) throws SSLHandshakeException {
+
try {
KeyAgreement ka = JsseJce.getKeyAgreement("ECDH");
ka.init(privateKey);
@@ -102,10 +106,13 @@
}
// called by ServerHandshaker
- SecretKey getAgreedSecret(byte[] encodedPoint) throws SSLHandshakeException {
+ SecretKey getAgreedSecret(
+ byte[] encodedPoint) throws SSLHandshakeException {
+
try {
ECParameterSpec params = publicKey.getParams();
- ECPoint point = JsseJce.decodePoint(encodedPoint, params.getCurve());
+ ECPoint point =
+ JsseJce.decodePoint(encodedPoint, params.getCurve());
KeyFactory kf = JsseJce.getKeyFactory("EC");
ECPublicKeySpec spec = new ECPublicKeySpec(point, params);
PublicKey peerPublicKey = kf.generatePublic(spec);
@@ -116,4 +123,30 @@
}
}
+ // Check constraints of the specified EC public key.
+ void checkConstraints(AlgorithmConstraints constraints,
+ byte[] encodedPoint) throws SSLHandshakeException {
+
+ try {
+
+ ECParameterSpec params = publicKey.getParams();
+ ECPoint point =
+ JsseJce.decodePoint(encodedPoint, params.getCurve());
+ ECPublicKeySpec spec = new ECPublicKeySpec(point, params);
+
+ KeyFactory kf = JsseJce.getKeyFactory("EC");
+ ECPublicKey publicKey = (ECPublicKey)kf.generatePublic(spec);
+
+ // check constraints of ECPublicKey
+ if (!constraints.permits(
+ EnumSet.of(CryptoPrimitive.KEY_AGREEMENT), publicKey)) {
+ throw new SSLHandshakeException(
+ "ECPublicKey does not comply to algorithm constraints");
+ }
+ } catch (GeneralSecurityException | java.io.IOException e) {
+ throw (SSLHandshakeException) new SSLHandshakeException(
+ "Could not generate ECPublicKey").initCause(e);
+ }
+ }
+
}
--- ./jdk/src/share/classes/sun/security/ssl/HandshakeMessage.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/HandshakeMessage.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -1907,7 +1907,7 @@
*/
boolean verify(HandshakeHash handshakeHash, int sender, SecretKey master) {
byte[] myFinished = getFinished(handshakeHash, sender, master);
- return Arrays.equals(myFinished, verifyData);
+ return MessageDigest.isEqual(myFinished, verifyData);
}
/*
--- ./jdk/src/share/classes/sun/security/ssl/Handshaker.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/Handshaker.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -86,7 +86,7 @@
String identificationProtocol;
// The cryptographic algorithm constraints
- private AlgorithmConstraints algorithmConstraints = null;
+ AlgorithmConstraints algorithmConstraints = null;
// Local supported signature and algorithms
Collection localSupportedSignAlgs;
--- ./jdk/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/SSLAlgorithmConstraints.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,9 +34,9 @@
import java.security.Key;
import java.util.Set;
-import java.util.HashSet;
import sun.security.util.DisabledAlgorithmConstraints;
+import static sun.security.util.DisabledAlgorithmConstraints.*;
import sun.security.ssl.CipherSuite.*;
/**
@@ -46,10 +46,15 @@
* for the syntax of the disabled algorithm string.
*/
final class SSLAlgorithmConstraints implements AlgorithmConstraints {
+
private final static AlgorithmConstraints tlsDisabledAlgConstraints =
- new TLSDisabledAlgConstraints();
+ new DisabledAlgorithmConstraints(PROPERTY_TLS_DISABLED_ALGS,
+ new SSLAlgorithmDecomposer());
+
private final static AlgorithmConstraints x509DisabledAlgConstraints =
- new X509DisabledAlgConstraints();
+ new DisabledAlgorithmConstraints(PROPERTY_CERTPATH_DISABLED_ALGS,
+ new SSLAlgorithmDecomposer(true));
+
private AlgorithmConstraints userAlgConstraints = null;
private AlgorithmConstraints peerAlgConstraints = null;
@@ -267,217 +272,4 @@
}
}
- static private class BasicDisabledAlgConstraints
- extends DisabledAlgorithmConstraints {
- BasicDisabledAlgConstraints(String propertyName) {
- super(propertyName);
- }
-
- protected Set decomposes(KeyExchange keyExchange,
- boolean forCertPathOnly) {
- Set components = new HashSet<>();
- switch (keyExchange) {
- case K_NULL:
- if (!forCertPathOnly) {
- components.add("NULL");
- }
- break;
- case K_RSA:
- components.add("RSA");
- break;
- case K_RSA_EXPORT:
- components.add("RSA");
- components.add("RSA_EXPORT");
- break;
- case K_DH_RSA:
- components.add("RSA");
- components.add("DH");
- components.add("DiffieHellman");
- components.add("DH_RSA");
- break;
- case K_DH_DSS:
- components.add("DSA");
- components.add("DSS");
- components.add("DH");
- components.add("DiffieHellman");
- components.add("DH_DSS");
- break;
- case K_DHE_DSS:
- components.add("DSA");
- components.add("DSS");
- components.add("DH");
- components.add("DHE");
- components.add("DiffieHellman");
- components.add("DHE_DSS");
- break;
- case K_DHE_RSA:
- components.add("RSA");
- components.add("DH");
- components.add("DHE");
- components.add("DiffieHellman");
- components.add("DHE_RSA");
- break;
- case K_DH_ANON:
- if (!forCertPathOnly) {
- components.add("ANON");
- components.add("DH");
- components.add("DiffieHellman");
- components.add("DH_ANON");
- }
- break;
- case K_ECDH_ECDSA:
- components.add("ECDH");
- components.add("ECDSA");
- components.add("ECDH_ECDSA");
- break;
- case K_ECDH_RSA:
- components.add("ECDH");
- components.add("RSA");
- components.add("ECDH_RSA");
- break;
- case K_ECDHE_ECDSA:
- components.add("ECDHE");
- components.add("ECDSA");
- components.add("ECDHE_ECDSA");
- break;
- case K_ECDHE_RSA:
- components.add("ECDHE");
- components.add("RSA");
- components.add("ECDHE_RSA");
- break;
- case K_ECDH_ANON:
- if (!forCertPathOnly) {
- components.add("ECDH");
- components.add("ANON");
- components.add("ECDH_ANON");
- }
- break;
- case K_KRB5:
- if (!forCertPathOnly) {
- components.add("KRB5");
- }
- break;
- case K_KRB5_EXPORT:
- if (!forCertPathOnly) {
- components.add("KRB5_EXPORT");
- }
- break;
- default:
- // ignore
- }
-
- return components;
- }
-
- protected Set decomposes(BulkCipher bulkCipher) {
- Set components = new HashSet<>();
-
- if (bulkCipher.transformation != null) {
- components.addAll(super.decomposes(bulkCipher.transformation));
- }
-
- return components;
- }
-
- protected Set decomposes(MacAlg macAlg) {
- Set components = new HashSet<>();
-
- if (macAlg == CipherSuite.M_MD5) {
- components.add("MD5");
- components.add("HmacMD5");
- } else if (macAlg == CipherSuite.M_SHA) {
- components.add("SHA1");
- components.add("SHA-1");
- components.add("HmacSHA1");
- } else if (macAlg == CipherSuite.M_SHA256) {
- components.add("SHA256");
- components.add("SHA-256");
- components.add("HmacSHA256");
- } else if (macAlg == CipherSuite.M_SHA384) {
- components.add("SHA384");
- components.add("SHA-384");
- components.add("HmacSHA384");
- }
-
- return components;
- }
- }
-
- static private class TLSDisabledAlgConstraints
- extends BasicDisabledAlgConstraints {
-
- TLSDisabledAlgConstraints() {
- super(DisabledAlgorithmConstraints.PROPERTY_TLS_DISABLED_ALGS);
- }
-
- @Override
- protected Set decomposes(String algorithm) {
- if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) {
- CipherSuite cipherSuite = null;
- try {
- cipherSuite = CipherSuite.valueOf(algorithm);
- } catch (IllegalArgumentException iae) {
- // ignore: unknown or unsupported ciphersuite
- }
-
- if (cipherSuite != null) {
- Set components = new HashSet<>();
-
- if(cipherSuite.keyExchange != null) {
- components.addAll(
- decomposes(cipherSuite.keyExchange, false));
- }
-
- if (cipherSuite.cipher != null) {
- components.addAll(decomposes(cipherSuite.cipher));
- }
-
- if (cipherSuite.macAlg != null) {
- components.addAll(decomposes(cipherSuite.macAlg));
- }
-
- return components;
- }
- }
-
- return super.decomposes(algorithm);
- }
- }
-
- static private class X509DisabledAlgConstraints
- extends BasicDisabledAlgConstraints {
-
- X509DisabledAlgConstraints() {
- super(DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
- }
-
- @Override
- protected Set decomposes(String algorithm) {
- if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) {
- CipherSuite cipherSuite = null;
- try {
- cipherSuite = CipherSuite.valueOf(algorithm);
- } catch (IllegalArgumentException iae) {
- // ignore: unknown or unsupported ciphersuite
- }
-
- if (cipherSuite != null) {
- Set components = new HashSet<>();
-
- if(cipherSuite.keyExchange != null) {
- components.addAll(
- decomposes(cipherSuite.keyExchange, true));
- }
-
- // Certification path algorithm constraints do not apply
- // to cipherSuite.cipher and cipherSuite.macAlg.
-
- return components;
- }
- }
-
- return super.decomposes(algorithm);
- }
- }
}
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/share/classes/sun/security/ssl/SSLAlgorithmDecomposer.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,251 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.ssl;
+
+import java.util.HashSet;
+import java.util.Set;
+import sun.security.util.AlgorithmDecomposer;
+import static sun.security.ssl.CipherSuite.*;
+import static sun.security.ssl.CipherSuite.KeyExchange.*;
+
+/**
+ * The class decomposes standard SSL/TLS cipher suites into sub-elements.
+ */
+class SSLAlgorithmDecomposer extends AlgorithmDecomposer {
+
+ // indicates that only certification path algorithms need to be used
+ private final boolean onlyX509;
+
+ SSLAlgorithmDecomposer(boolean onlyX509) {
+ this.onlyX509 = onlyX509;
+ }
+
+ SSLAlgorithmDecomposer() {
+ this(false);
+ }
+
+ private Set decomposes(CipherSuite.KeyExchange keyExchange) {
+ Set components = new HashSet<>();
+ switch (keyExchange) {
+ case K_NULL:
+ if (!onlyX509) {
+ components.add("K_NULL");
+ }
+ break;
+ case K_RSA:
+ components.add("RSA");
+ break;
+ case K_RSA_EXPORT:
+ components.add("RSA");
+ components.add("RSA_EXPORT");
+ break;
+ case K_DH_RSA:
+ components.add("RSA");
+ components.add("DH");
+ components.add("DiffieHellman");
+ components.add("DH_RSA");
+ break;
+ case K_DH_DSS:
+ components.add("DSA");
+ components.add("DSS");
+ components.add("DH");
+ components.add("DiffieHellman");
+ components.add("DH_DSS");
+ break;
+ case K_DHE_DSS:
+ components.add("DSA");
+ components.add("DSS");
+ components.add("DH");
+ components.add("DHE");
+ components.add("DiffieHellman");
+ components.add("DHE_DSS");
+ break;
+ case K_DHE_RSA:
+ components.add("RSA");
+ components.add("DH");
+ components.add("DHE");
+ components.add("DiffieHellman");
+ components.add("DHE_RSA");
+ break;
+ case K_DH_ANON:
+ if (!onlyX509) {
+ components.add("ANON");
+ components.add("DH");
+ components.add("DiffieHellman");
+ components.add("DH_ANON");
+ }
+ break;
+ case K_ECDH_ECDSA:
+ components.add("ECDH");
+ components.add("ECDSA");
+ components.add("ECDH_ECDSA");
+ break;
+ case K_ECDH_RSA:
+ components.add("ECDH");
+ components.add("RSA");
+ components.add("ECDH_RSA");
+ break;
+ case K_ECDHE_ECDSA:
+ components.add("ECDHE");
+ components.add("ECDSA");
+ components.add("ECDHE_ECDSA");
+ break;
+ case K_ECDHE_RSA:
+ components.add("ECDHE");
+ components.add("RSA");
+ components.add("ECDHE_RSA");
+ break;
+ case K_ECDH_ANON:
+ if (!onlyX509) {
+ components.add("ECDH");
+ components.add("ANON");
+ components.add("ECDH_ANON");
+ }
+ break;
+ case K_KRB5:
+ if (!onlyX509) {
+ components.add("KRB5");
+ }
+ break;
+ case K_KRB5_EXPORT:
+ if (!onlyX509) {
+ components.add("KRB5_EXPORT");
+ }
+ break;
+ default:
+ // ignore
+ }
+
+ return components;
+ }
+
+ private Set decomposes(CipherSuite.BulkCipher bulkCipher) {
+ Set components = new HashSet<>();
+
+ if (bulkCipher.transformation != null) {
+ components.addAll(super.decompose(bulkCipher.transformation));
+ }
+
+ if (bulkCipher == B_NULL) {
+ components.add("C_NULL");
+ } else if (bulkCipher == B_RC2_40) {
+ components.add("RC2_CBC_40");
+ } else if (bulkCipher == B_RC4_40) {
+ components.add("RC4_40");
+ } else if (bulkCipher == B_RC4_128) {
+ components.add("RC4_128");
+ } else if (bulkCipher == B_DES_40) {
+ components.add("DES40_CBC");
+ components.add("DES_CBC_40");
+ } else if (bulkCipher == B_DES) {
+ components.add("DES_CBC");
+ } else if (bulkCipher == B_3DES) {
+ components.add("3DES_EDE_CBC");
+ } else if (bulkCipher == B_AES_128) {
+ components.add("AES_128_CBC");
+ } else if (bulkCipher == B_AES_256) {
+ components.add("AES_256_CBC");
+ } else if (bulkCipher == B_AES_128_GCM) {
+ components.add("AES_128_GCM");
+ } else if (bulkCipher == B_AES_256_GCM) {
+ components.add("AES_256_GCM");
+ }
+
+ return components;
+ }
+
+ private Set decomposes(CipherSuite.MacAlg macAlg,
+ BulkCipher cipher) {
+ Set components = new HashSet<>();
+
+ if (macAlg == M_NULL
+ && cipher.cipherType != CipherType.AEAD_CIPHER) {
+ components.add("M_NULL");
+ } else if (macAlg == M_MD5) {
+ components.add("MD5");
+ components.add("HmacMD5");
+ } else if (macAlg == M_SHA) {
+ components.add("SHA1");
+ components.add("SHA-1");
+ components.add("HmacSHA1");
+ } else if (macAlg == M_SHA256) {
+ components.add("SHA256");
+ components.add("SHA-256");
+ components.add("HmacSHA256");
+ } else if (macAlg == M_SHA384) {
+ components.add("SHA384");
+ components.add("SHA-384");
+ components.add("HmacSHA384");
+ }
+
+ return components;
+ }
+
+ private Set decompose(KeyExchange keyExchange, BulkCipher cipher,
+ MacAlg macAlg) {
+ Set components = new HashSet<>();
+
+ if (keyExchange != null) {
+ components.addAll(decomposes(keyExchange));
+ }
+
+ if (onlyX509) {
+ // Certification path algorithm constraints do not apply
+ // to cipher and macAlg.
+ return components;
+ }
+
+ if (cipher != null) {
+ components.addAll(decomposes(cipher));
+ }
+
+ if (macAlg != null) {
+ components.addAll(decomposes(macAlg, cipher));
+ }
+
+ return components;
+ }
+
+ @Override
+ public Set decompose(String algorithm) {
+ if (algorithm.startsWith("SSL_") || algorithm.startsWith("TLS_")) {
+ CipherSuite cipherSuite = null;
+ try {
+ cipherSuite = CipherSuite.valueOf(algorithm);
+ } catch (IllegalArgumentException iae) {
+ // ignore: unknown or unsupported ciphersuite
+ }
+
+ if (cipherSuite != null) {
+ return decompose(cipherSuite.keyExchange, cipherSuite.cipher,
+ cipherSuite.macAlg);
+ }
+ }
+
+ return super.decompose(algorithm);
+ }
+
+}
--- ./jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/SSLSocketImpl.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -40,6 +40,9 @@
import javax.crypto.BadPaddingException;
import javax.net.ssl.*;
+import sun.misc.JavaNetAccess;
+import sun.misc.SharedSecrets;
+
/**
* Implementation of an SSL socket. This is a normal connection type
* socket, implementing SSL over some lower level socket, such as TCP.
@@ -389,6 +392,15 @@
*/
private boolean preferLocalCipherSuites = false;
+ /*
+ * Is the local name service trustworthy?
+ *
+ * If the local name service is not trustworthy, reverse host name
+ * resolution should not be performed for endpoint identification.
+ */
+ static final boolean trustNameService =
+ Debug.getBooleanProperty("jdk.tls.trustNameService", false);
+
//
// CONSTRUCTORS AND INITIALIZATION CODE
//
@@ -2149,11 +2161,41 @@
synchronized String getHost() {
// Note that the host may be null or empty for localhost.
if (host == null || host.length() == 0) {
- host = getInetAddress().getHostName();
+ if (!trustNameService) {
+ // If the local name service is not trustworthy, reverse host
+ // name resolution should not be performed for endpoint
+ // identification. Use the application original specified
+ // hostname or IP address instead.
+ host = getOriginalHostname(getInetAddress());
+ } else {
+ host = getInetAddress().getHostName();
+ }
}
+
return host;
}
+ /*
+ * Get the original application specified hostname.
+ */
+ private static String getOriginalHostname(InetAddress inetAddress) {
+ /*
+ * Get the original hostname via sun.misc.SharedSecrets.
+ */
+ JavaNetAccess jna = SharedSecrets.getJavaNetAccess();
+ String originalHostname = jna.getOriginalHostName(inetAddress);
+
+ /*
+ * If no application specified hostname, use the IP address.
+ */
+ if (originalHostname == null || originalHostname.length() == 0) {
+ originalHostname = inetAddress.getHostAddress();
+ }
+
+ return originalHostname;
+ }
+
+
// ONLY used by HttpsClient to setup the URI specified hostname
//
// Please NOTE that this method MUST be called before calling to
--- ./jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/ssl/ServerHandshaker.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -32,6 +32,7 @@
import java.security.cert.*;
import java.security.interfaces.*;
import java.security.spec.ECParameterSpec;
+import java.math.BigInteger;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
@@ -41,6 +42,7 @@
import javax.security.auth.Subject;
import sun.security.util.KeyUtil;
+import sun.security.util.LegacyAlgorithmConstraints;
import sun.security.action.GetPropertyAction;
import sun.security.ssl.HandshakeMessage.*;
import sun.security.ssl.CipherSuite.*;
@@ -106,6 +108,12 @@
// The customized ephemeral DH key size for non-exportable cipher suites.
private static final int customizedDHKeySize;
+ // legacy algorithm constraints
+ private static final AlgorithmConstraints legacyAlgorithmConstraints =
+ new LegacyAlgorithmConstraints(
+ LegacyAlgorithmConstraints.PROPERTY_TLS_LEGACY_ALGS,
+ new SSLAlgorithmDecomposer());
+
static {
String property = AccessController.doPrivileged(
new GetPropertyAction("jdk.tls.ephemeralDHKeySize"));
@@ -406,7 +414,7 @@
}
// verify the client_verify_data value
- if (!Arrays.equals(clientVerifyData,
+ if (!MessageDigest.isEqual(clientVerifyData,
clientHelloRI.getRenegotiatedConnection())) {
fatalSE(Alerts.alert_handshake_failure,
"Incorrect verify data in ClientHello " +
@@ -995,6 +1003,7 @@
proposed = getActiveCipherSuites();
}
+ List legacySuites = new ArrayList<>();
for (CipherSuite suite : prefered.collection()) {
if (isNegotiable(proposed, suite) == false) {
continue;
@@ -1006,11 +1015,24 @@
continue;
}
}
+
+ if (!legacyAlgorithmConstraints.permits(null, suite.name, null)) {
+ legacySuites.add(suite);
+ continue;
+ }
+
if (trySetCipherSuite(suite) == false) {
continue;
}
return;
}
+
+ for (CipherSuite suite : legacySuites) {
+ if (trySetCipherSuite(suite)) {
+ return;
+ }
+ }
+
fatalSE(Alerts.alert_handshake_failure, "no cipher suites in common");
}
@@ -1543,7 +1565,13 @@
if (debug != null && Debug.isOn("handshake")) {
mesg.print(System.out);
}
- return dh.getAgreedSecret(mesg.getClientPublicKey(), false);
+
+ BigInteger publicKeyValue = mesg.getClientPublicKey();
+
+ // check algorithm constraints
+ dh.checkConstraints(algorithmConstraints, publicKeyValue);
+
+ return dh.getAgreedSecret(publicKeyValue, false);
}
private SecretKey clientKeyExchange(ECDHClientKeyExchange mesg)
@@ -1552,7 +1580,13 @@
if (debug != null && Debug.isOn("handshake")) {
mesg.print(System.out);
}
- return ecdh.getAgreedSecret(mesg.getEncodedPoint());
+
+ byte[] publicPoint = mesg.getEncodedPoint();
+
+ // check algorithm constraints
+ ecdh.checkConstraints(algorithmConstraints, publicPoint);
+
+ return ecdh.getAgreedSecret(publicPoint);
}
/*
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/share/classes/sun/security/util/AbstractAlgorithmConstraints.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,119 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.AccessController;
+import java.security.AlgorithmConstraints;
+import java.security.PrivilegedAction;
+import java.security.Security;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * The class contains common functionality for algorithm constraints classes.
+ */
+public abstract class AbstractAlgorithmConstraints
+ implements AlgorithmConstraints {
+
+ protected final AlgorithmDecomposer decomposer;
+
+ protected AbstractAlgorithmConstraints(AlgorithmDecomposer decomposer) {
+ this.decomposer = decomposer;
+ }
+
+ // Get algorithm constraints from the specified security property.
+ private static void loadAlgorithmsMap(Map algorithmsMap,
+ String propertyName) {
+ String property = AccessController.doPrivileged(
+ (PrivilegedAction) () -> Security.getProperty(
+ propertyName));
+
+ String[] algorithmsInProperty = null;
+ if (property != null && !property.isEmpty()) {
+ // remove double quote marks from beginning/end of the property
+ if (property.charAt(0) == '"'
+ && property.charAt(property.length() - 1) == '"') {
+ property = property.substring(1, property.length() - 1);
+ }
+ algorithmsInProperty = property.split(",");
+ for (int i = 0; i < algorithmsInProperty.length;
+ i++) {
+ algorithmsInProperty[i] = algorithmsInProperty[i].trim();
+ }
+ }
+
+ // map the disabled algorithms
+ if (algorithmsInProperty == null) {
+ algorithmsInProperty = new String[0];
+ }
+ algorithmsMap.put(propertyName, algorithmsInProperty);
+ }
+
+ static String[] getAlgorithms(Map algorithmsMap,
+ String propertyName) {
+ synchronized (algorithmsMap) {
+ if (!algorithmsMap.containsKey(propertyName)) {
+ loadAlgorithmsMap(algorithmsMap, propertyName);
+ }
+
+ return algorithmsMap.get(propertyName);
+ }
+ }
+
+ static boolean checkAlgorithm(String[] algorithms, String algorithm,
+ AlgorithmDecomposer decomposer) {
+ if (algorithm == null || algorithm.length() == 0) {
+ throw new IllegalArgumentException("No algorithm name specified");
+ }
+
+ Set elements = null;
+ for (String item : algorithms) {
+ if (item == null || item.isEmpty()) {
+ continue;
+ }
+
+ // check the full name
+ if (item.equalsIgnoreCase(algorithm)) {
+ return false;
+ }
+
+ // decompose the algorithm into sub-elements
+ if (elements == null) {
+ elements = decomposer.decompose(algorithm);
+ }
+
+ // check the items of the algorithm
+ for (String element : elements) {
+ if (item.equalsIgnoreCase(element)) {
+ return false;
+ }
+ }
+ }
+
+ return true;
+ }
+
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/share/classes/sun/security/util/AlgorithmDecomposer.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,130 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * The class decomposes standard algorithms into sub-elements.
+ */
+public class AlgorithmDecomposer {
+
+ private static final Pattern transPattern = Pattern.compile("/");
+ private static final Pattern pattern =
+ Pattern.compile("with|and", Pattern.CASE_INSENSITIVE);
+
+ /**
+ * Decompose the standard algorithm name into sub-elements.
+ *
+ * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA"
+ * so that we can check the "SHA1" and "RSA" algorithm constraints
+ * separately.
+ *
+ * Please override the method if need to support more name pattern.
+ */
+ public Set decompose(String algorithm) {
+ if (algorithm == null || algorithm.length() == 0) {
+ return new HashSet<>();
+ }
+
+ // algorithm/mode/padding
+ String[] transTockens = transPattern.split(algorithm);
+
+ Set elements = new HashSet<>();
+ for (String transTocken : transTockens) {
+ if (transTocken == null || transTocken.length() == 0) {
+ continue;
+ }
+
+ // PBEWithAnd
+ // PBEWithAnd
+ // OAEPWithAndPadding
+ // with
+ // withand
+ String[] tokens = pattern.split(transTocken);
+
+ for (String token : tokens) {
+ if (token == null || token.length() == 0) {
+ continue;
+ }
+
+ elements.add(token);
+ }
+ }
+
+ // In Java standard algorithm name specification, for different
+ // purpose, the SHA-1 and SHA-2 algorithm names are different. For
+ // example, for MessageDigest, the standard name is "SHA-256", while
+ // for Signature, the digest algorithm component is "SHA256" for
+ // signature algorithm "SHA256withRSA". So we need to check both
+ // "SHA-256" and "SHA256" to make the right constraint checking.
+
+ // handle special name: SHA-1 and SHA1
+ if (elements.contains("SHA1") && !elements.contains("SHA-1")) {
+ elements.add("SHA-1");
+ }
+ if (elements.contains("SHA-1") && !elements.contains("SHA1")) {
+ elements.add("SHA1");
+ }
+
+ // handle special name: SHA-224 and SHA224
+ if (elements.contains("SHA224") && !elements.contains("SHA-224")) {
+ elements.add("SHA-224");
+ }
+ if (elements.contains("SHA-224") && !elements.contains("SHA224")) {
+ elements.add("SHA224");
+ }
+
+ // handle special name: SHA-256 and SHA256
+ if (elements.contains("SHA256") && !elements.contains("SHA-256")) {
+ elements.add("SHA-256");
+ }
+ if (elements.contains("SHA-256") && !elements.contains("SHA256")) {
+ elements.add("SHA256");
+ }
+
+ // handle special name: SHA-384 and SHA384
+ if (elements.contains("SHA384") && !elements.contains("SHA-384")) {
+ elements.add("SHA-384");
+ }
+ if (elements.contains("SHA-384") && !elements.contains("SHA384")) {
+ elements.add("SHA384");
+ }
+
+ // handle special name: SHA-512 and SHA512
+ if (elements.contains("SHA512") && !elements.contains("SHA-512")) {
+ elements.add("SHA-512");
+ }
+ if (elements.contains("SHA-512") && !elements.contains("SHA512")) {
+ elements.add("SHA512");
+ }
+
+ return elements;
+ }
+
+}
--- ./jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/util/DisabledAlgorithmConstraints.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,15 +25,9 @@
package sun.security.util;
-import java.security.AlgorithmConstraints;
import java.security.CryptoPrimitive;
import java.security.AlgorithmParameters;
-
import java.security.Key;
-import java.security.Security;
-import java.security.PrivilegedAction;
-import java.security.AccessController;
-
import java.util.Locale;
import java.util.Set;
import java.util.Collections;
@@ -49,7 +43,7 @@
* See the "jdk.certpath.disabledAlgorithms" specification in java.security
* for the syntax of the disabled algorithm string.
*/
-public class DisabledAlgorithmConstraints implements AlgorithmConstraints {
+public class DisabledAlgorithmConstraints extends AbstractAlgorithmConstraints {
// the known security property, jdk.certpath.disabledAlgorithms
public final static String PROPERTY_CERTPATH_DISABLED_ALGS =
@@ -64,8 +58,8 @@
private final static Map keySizeConstraintsMap =
new HashMap<>();
- private String[] disabledAlgorithms;
- private KeySizeConstraints keySizeConstraints;
+ private final String[] disabledAlgorithms;
+ private final KeySizeConstraints keySizeConstraints;
/**
* Initialize algorithm constraints with the specified security property.
@@ -74,56 +68,27 @@
* algorithm constraints
*/
public DisabledAlgorithmConstraints(String propertyName) {
- // Both disabledAlgorithmsMap and keySizeConstraintsMap are
- // synchronized with the lock of disabledAlgorithmsMap.
- synchronized (disabledAlgorithmsMap) {
- if(!disabledAlgorithmsMap.containsKey(propertyName)) {
- loadDisabledAlgorithmsMap(propertyName);
- }
+ this(propertyName, new AlgorithmDecomposer());
+ }
- disabledAlgorithms = disabledAlgorithmsMap.get(propertyName);
- keySizeConstraints = keySizeConstraintsMap.get(propertyName);
- }
+ public DisabledAlgorithmConstraints(String propertyName,
+ AlgorithmDecomposer decomposer) {
+ super(decomposer);
+ disabledAlgorithms = getAlgorithms(disabledAlgorithmsMap, propertyName);
+ keySizeConstraints = getKeySizeConstraints(disabledAlgorithms,
+ propertyName);
}
@Override
final public boolean permits(Set primitives,
String algorithm, AlgorithmParameters parameters) {
- if (algorithm == null || algorithm.length() == 0) {
- throw new IllegalArgumentException("No algorithm name specified");
- }
-
if (primitives == null || primitives.isEmpty()) {
throw new IllegalArgumentException(
"No cryptographic primitive specified");
}
- Set elements = null;
- for (String disabled : disabledAlgorithms) {
- if (disabled == null || disabled.isEmpty()) {
- continue;
- }
-
- // check the full name
- if (disabled.equalsIgnoreCase(algorithm)) {
- return false;
- }
-
- // decompose the algorithm into sub-elements
- if (elements == null) {
- elements = decomposes(algorithm);
- }
-
- // check the items of the algorithm
- for (String element : elements) {
- if (disabled.equalsIgnoreCase(element)) {
- return false;
- }
- }
- }
-
- return true;
+ return checkAlgorithm(disabledAlgorithms, algorithm, decomposer);
}
@Override
@@ -142,98 +107,6 @@
return checkConstraints(primitives, algorithm, key, parameters);
}
- /**
- * Decompose the standard algorithm name into sub-elements.
- *
- * For example, we need to decompose "SHA1WithRSA" into "SHA1" and "RSA"
- * so that we can check the "SHA1" and "RSA" algorithm constraints
- * separately.
- *
- * Please override the method if need to support more name pattern.
- */
- protected Set decomposes(String algorithm) {
- if (algorithm == null || algorithm.length() == 0) {
- return new HashSet();
- }
-
- // algorithm/mode/padding
- Pattern transPattern = Pattern.compile("/");
- String[] transTockens = transPattern.split(algorithm);
-
- Set elements = new HashSet();
- for (String transTocken : transTockens) {
- if (transTocken == null || transTocken.length() == 0) {
- continue;
- }
-
- // PBEWithAnd
- // PBEWithAnd
- // OAEPWithAndPadding
- // with
- // withand
- Pattern pattern =
- Pattern.compile("with|and", Pattern.CASE_INSENSITIVE);
- String[] tokens = pattern.split(transTocken);
-
- for (String token : tokens) {
- if (token == null || token.length() == 0) {
- continue;
- }
-
- elements.add(token);
- }
- }
-
- // In Java standard algorithm name specification, for different
- // purpose, the SHA-1 and SHA-2 algorithm names are different. For
- // example, for MessageDigest, the standard name is "SHA-256", while
- // for Signature, the digest algorithm component is "SHA256" for
- // signature algorithm "SHA256withRSA". So we need to check both
- // "SHA-256" and "SHA256" to make the right constraint checking.
-
- // handle special name: SHA-1 and SHA1
- if (elements.contains("SHA1") && !elements.contains("SHA-1")) {
- elements.add("SHA-1");
- }
- if (elements.contains("SHA-1") && !elements.contains("SHA1")) {
- elements.add("SHA1");
- }
-
- // handle special name: SHA-224 and SHA224
- if (elements.contains("SHA224") && !elements.contains("SHA-224")) {
- elements.add("SHA-224");
- }
- if (elements.contains("SHA-224") && !elements.contains("SHA224")) {
- elements.add("SHA224");
- }
-
- // handle special name: SHA-256 and SHA256
- if (elements.contains("SHA256") && !elements.contains("SHA-256")) {
- elements.add("SHA-256");
- }
- if (elements.contains("SHA-256") && !elements.contains("SHA256")) {
- elements.add("SHA256");
- }
-
- // handle special name: SHA-384 and SHA384
- if (elements.contains("SHA384") && !elements.contains("SHA-384")) {
- elements.add("SHA-384");
- }
- if (elements.contains("SHA-384") && !elements.contains("SHA384")) {
- elements.add("SHA384");
- }
-
- // handle special name: SHA-512 and SHA512
- if (elements.contains("SHA512") && !elements.contains("SHA-512")) {
- elements.add("SHA-512");
- }
- if (elements.contains("SHA-512") && !elements.contains("SHA512")) {
- elements.add("SHA512");
- }
-
- return elements;
- }
-
// Check algorithm constraints
private boolean checkConstraints(Set primitives,
String algorithm, Key key, AlgorithmParameters parameters) {
@@ -263,43 +136,18 @@
return true;
}
- // Get disabled algorithm constraints from the specified security property.
- private static void loadDisabledAlgorithmsMap(
- final String propertyName) {
-
- String property = AccessController.doPrivileged(
- new PrivilegedAction() {
- public String run() {
- return Security.getProperty(propertyName);
- }
- });
-
- String[] algorithmsInProperty = null;
-
- if (property != null && !property.isEmpty()) {
-
- // remove double quote marks from beginning/end of the property
- if (property.charAt(0) == '"' &&
- property.charAt(property.length() - 1) == '"') {
- property = property.substring(1, property.length() - 1);
+ private static KeySizeConstraints getKeySizeConstraints(
+ String[] disabledAlgorithms, String propertyName) {
+ synchronized (keySizeConstraintsMap) {
+ if(!keySizeConstraintsMap.containsKey(propertyName)) {
+ // map the key constraints
+ KeySizeConstraints keySizeConstraints =
+ new KeySizeConstraints(disabledAlgorithms);
+ keySizeConstraintsMap.put(propertyName, keySizeConstraints);
}
- algorithmsInProperty = property.split(",");
- for (int i = 0; i < algorithmsInProperty.length; i++) {
- algorithmsInProperty[i] = algorithmsInProperty[i].trim();
- }
+ return keySizeConstraintsMap.get(propertyName);
}
-
- // map the disabled algorithms
- if (algorithmsInProperty == null) {
- algorithmsInProperty = new String[0];
- }
- disabledAlgorithmsMap.put(propertyName, algorithmsInProperty);
-
- // map the key constraints
- KeySizeConstraints keySizeConstraints =
- new KeySizeConstraints(algorithmsInProperty);
- keySizeConstraintsMap.put(propertyName, keySizeConstraints);
}
/**
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/src/share/classes/sun/security/util/LegacyAlgorithmConstraints.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.util;
+
+import java.security.AlgorithmParameters;
+import java.security.CryptoPrimitive;
+import java.security.Key;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import static sun.security.util.AbstractAlgorithmConstraints.getAlgorithms;
+
+/**
+ * Algorithm constraints for legacy algorithms.
+ */
+public class LegacyAlgorithmConstraints extends AbstractAlgorithmConstraints {
+
+ // the known security property, jdk.tls.legacyAlgorithms
+ public final static String PROPERTY_TLS_LEGACY_ALGS =
+ "jdk.tls.legacyAlgorithms";
+
+ private final static Map legacyAlgorithmsMap =
+ new HashMap<>();
+
+ private final String[] legacyAlgorithms;
+
+ public LegacyAlgorithmConstraints(String propertyName,
+ AlgorithmDecomposer decomposer) {
+ super(decomposer);
+ legacyAlgorithms = getAlgorithms(legacyAlgorithmsMap, propertyName);
+ }
+
+ @Override
+ final public boolean permits(Set primitives,
+ String algorithm, AlgorithmParameters parameters) {
+ return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
+ }
+
+ @Override
+ final public boolean permits(Set primitives, Key key) {
+ return true;
+ }
+
+ @Override
+ final public boolean permits(Set primitives,
+ String algorithm, Key key, AlgorithmParameters parameters) {
+ return checkAlgorithm(legacyAlgorithms, algorithm, decomposer);
+ }
+
+}
--- ./jdk/src/share/classes/sun/security/validator/SimpleValidator.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/security/validator/SimpleValidator.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -141,8 +141,18 @@
// create distrusted certificates checker
UntrustedChecker untrustedChecker = new UntrustedChecker();
+ // check if anchor is untrusted
+ X509Certificate anchorCert = chain[chain.length - 1];
+ try {
+ untrustedChecker.check(anchorCert);
+ } catch (CertPathValidatorException cpve) {
+ throw new ValidatorException(
+ "Untrusted certificate: "+ anchorCert.getSubjectX500Principal(),
+ ValidatorException.T_UNTRUSTED_CERT, anchorCert, cpve);
+ }
+
// create default algorithm constraints checker
- TrustAnchor anchor = new TrustAnchor(chain[chain.length - 1], null);
+ TrustAnchor anchor = new TrustAnchor(anchorCert, null);
AlgorithmChecker defaultAlgChecker = new AlgorithmChecker(anchor);
// create application level algorithm constraints checker
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_de.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_de.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ vergr\u00F6\u00DFert: {0}
out.size=(ein = {0}) (aus = {1})
-usage=Verwendung: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] Dateien ...\nOptionen:\n -c Neues Archiv erstellen\n -t Inhaltsverzeichnis f\u00FCr Archiv anzeigen\n -x Benannte (oder alle) Dateien aus dem Archiv extrahieren\n -u Vorhandenes Archiv aktualisieren\n -v Ausgabe im Verbose-Modus aus Standard-Ausgabe generieren\n -f Dateinamen f\u00FCr Archiv angeben\n -m Manifest-Informationen aus angegebener Manifest-Datei einschlie\u00DFen\n -n Pack200-Normalisierung nach Erstellung eines neuen Archivs ausf\u00FChren\n -e Anwendungs-Einstiegspunkt f\u00FCr alleinstehende Anwendung angeben\n in einer ausf\u00FChrbaren JAR-Datei geb\u00FCndelt\n -0 nur speichern; keine ZIP-Komprimierung verwenden\n -M keine Manifest-Datei f\u00FCr die Eintr\u00E4ge erstellen\n -i Index-Informationen f\u00FCr die angegebenen JAR-Dateien generieren\n -C zu angegebenem Verzeichnis wechseln und die folgende Datei einschlie\u00DFen\nDateien, die Verzeichnisse sind, werden rekursiv verarbeitet.\nDie Namen der Manifest-Datei, der Archiv-Datei und des Einstiegspunkts sind\nin derselben Reihenfolge wie die Kennzeichen f\u00FCr "m", "f" und "e" angegeben.\n\nBeispiel 1: Archivieren von zwei Klassendateien in einem Archiv mit dem Namen "classes.jar": \n jar cvf classes.jar Foo.class Bar.class \nBeispiel 2: Verwenden einer vorhandenen Manifest-Datei mit dem Namen "mymanifest" und Archivieren aller\n Dateien im Verzeichnis mit dem Namen "foo/" in die Archiv-Datei "classes.jar": \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=Verwendung: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] Dateien ...\nOptionen:\n -c Neues Archiv erstellen\n -t Inhaltsverzeichnis f\u00FCr Archiv anzeigen\n -x Benannte (oder alle) Dateien aus dem Archiv extrahieren\n -u Vorhandenes Archiv aktualisieren\n -v Ausgabe im Verbose-Modus aus Standard-Ausgabe generieren\n -f Dateinamen f\u00FCr Archiv angeben\n -m Manifestinformationen aus angegebener Manifestdatei einschlie\u00DFen\n -n Pack200-Normalisierung nach Erstellung eines neuen Archivs ausf\u00FChren\n -e Anwendungseinstiegspunkt f\u00FCr Standalone-Anwendung angeben \n in einer ausf\u00FChrbaren JAR-Datei geb\u00FCndelt\n -0 Nur speichern; keine ZIP-Komprimierung verwenden\n -P Komponenten mit vorangestelltem "/" (absoluter Pfad) und ".." (\u00FCbergeordnetes Verzeichnis) aus Dateinamen beibehalten\n -M Keine Manifest-Datei f\u00FCr die Eintr\u00E4ge erstellen\n -i Indexinformationen f\u00FCr die angegebenen JAR-Dateien erstellen\n -C Zum angegebenen Verzeichnis wechseln und folgende Datei einschlie\u00DFen\nFalls eine Datei ein Verzeichnis ist, wird dieses rekursiv verarbeitet.\nDer Name der Manifestdatei, der Name der Archivdatei und der Name des Einstiegspunkts werden\nin derselben Reihenfolge wie die Kennzeichen "m", "f" und "e" angegeben.\n\nBeispiel 1: Archivieren Sie zwei Klassendateien in ein Archiv mit Namen "classes.jar": \n jar cvf classes.jar Foo.class Bar.class \nBeispiel 2: Verwenden Sie die vorhandenen Manifestdatei "mymanifest", und archivieren Sie alle\n Dateien im Verzeichnis foo/ directory in "classes.jar": \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_es.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_es.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ inflado: {0}
out.size=(entrada = {0}) (salida = {1})
-usage=Sintaxis: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] archivos...\nOpciones:\n -c crear nuevo archivo\n -t crear la tabla de contenido del archivo\n -x extraer el archive mencionado (o todos) del archivo\n -u actualizar archive existente\n -v generar salida detallada de los datos de salida est\u00E1ndar\n -f especificar nombre de archive de almacenamiento\n -m incluir informaci\u00F3n de manifiesto del archive de manifiesto especificado\n -n realizar normalizaci\u00F3n de Pack200 despu\u00E9s de crear un nuevo archivo\n -e especificar punto de entrada de la aplicaci\u00F3n para la aplicaci\u00F3n aut\u00F3noma \n que se incluye dentro de un archive jar ejecutable\n -0 s\u00F3lo almacenar; no utilizar compresi\u00F3n ZIP\n -M no crear un archive de manifiesto para las entradas\n -i generar informaci\u00F3n de \u00EDndice para los archives jar especificados\n -C cambiar al directorio especificado e incluir el archivo siguiente\nSi alg\u00FAn archivo es un directorio, se procesar\u00E1 de forma recurrente.\nEl nombre del archivo de manifiesto, el nombre del archivo de almacenamiento y el nombre del punto de entrada se\nespecifican en el mismo orden que los indicadores 'm', 'f' y 'e'.\n\nEjemplo 1: para archivar archivos de dos clases en un archivo llamado classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nEjemplo 2: utilice un archivo de manifiesto existente 'mymanifest' y archive todos los\n archivos del directorio foo/ en 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=Sintaxis: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\nOpciones:\n -c crear nuevo archivo\n -t crear la tabla de contenido del archivo\n -x extraer el archivo mencionado (o todos) del archivo\n -u actualizar archivo existente\n -v generar salida detallada de los datos de salida est\u00E1ndar\n -f especificar nombre de archivo de almacenamiento\n -m incluir informaci\u00F3n de manifiesto del archivo de manifiesto especificado\n -e especificar punto de entrada de la aplicaci\u00F3n para la aplicaci\u00F3n aut\u00F3noma \n que se incluye dentro de un archivo jar ejecutable\n -0 s\u00F3lo almacenar; no utilizar compresi\u00F3n ZIP\n -P conservar componentes iniciales '/' (ruta absoluta) y ".." (directorio principal) en los nombres de archivo\n -M no crear un archivo de manifiesto para las entradas\n -i generar informaci\u00F3n de \u00EDndice para los archivos jar especificados\n -C cambiar al directorio especificado e incluir el archivo siguiente\nSi alg\u00FAn archivo es un directorio, se procesar\u00E1 de forma recurrente.\nEl nombre del archivo de manifiesto, el nombre del archivo de almacenamiento y el nombre del punto de entrada se\nespecifican en el mismo orden que los indicadores 'm', 'f' y 'e'.\n\nEjemplo 1: para archivar archivos de dos clases en un archivo llamado classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nEjemplo 2: utilice un archivo de manifiesto existente 'mymanifest' y archive todos los\n archivos del directorio foo/ en 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_fr.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_fr.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ d\u00E9compress\u00E9 : {0}
out.size=(entr\u00E9e = {0}) (sortie = {1})
-usage=Syntaxe : jar {ctxui}[vfmn0Me] [fichier-jar] [fichier-manifeste] [point-entr\u00E9e] [-C r\u00E9p] fichiers...\nOptions :\n -c cr\u00E9e une archive\n -t affiche la table des mati\u00E8res de l'archive\n -x extrait les fichiers nomm\u00E9s (ou tous les fichiers) de l'archive\n -u met \u00E0 jour l'archive existante\n -v g\u00E9n\u00E8re une version d\u00E9taill\u00E9e d'une sortie standard\n -f sp\u00E9cifie le nom du fichier archive\n -m inclut les informations de manifeste \u00E0 partir du fichier manifeste sp\u00E9cifi\u00E9\n -n effectue une normalisation Pack200 apr\u00E8s la cr\u00E9ation d'une archive\n -e sp\u00E9cifie le point d'entr\u00E9e d'une application en mode autonome \n int\u00E9gr\u00E9e \u00E0 un fichier JAR ex\u00E9cutable\n -0 stockage uniquement, pas de compression ZIP\n -M ne cr\u00E9e pas de fichier manifeste pour les entr\u00E9es\n -i g\u00E9n\u00E8re les informations d'index des fichiers JAR sp\u00E9cifi\u00E9s\n -C passe au r\u00E9pertoire sp\u00E9cifi\u00E9 et inclut le fichier suivant\nSi l'un des fichiers est un r\u00E9pertoire, celui-ci est trait\u00E9 r\u00E9cursivement.\nLes noms du fichier manifeste, du fichier d'archive et du point d'entr\u00E9e sont\nsp\u00E9cifi\u00E9s dans le m\u00EAme ordre que celui des indicateurs m, f et e.\n\nExemple 1 : pour archiver deux fichiers de classe dans une archive intitul\u00E9e classes.jar : \n jar cvf classes.jar Foo.class Bar.class \nExemple 2 : pour utiliser un fichier manifeste existant 'monmanifeste', puis archiver tous les\n fichiers du r\u00E9pertoire foo/ dans 'classes.jar' : \n jar cvfm classes.jar monmanifeste -C foo/ .\n
+usage=Syntaxe : jar {ctxui}[vfmn0PMe] [fichier-jar] [fichier-manifeste] [point-entr\u00E9e] [-C r\u00E9p] fichiers...\nOptions :\n -c cr\u00E9e une archive\n -t affiche la table des mati\u00E8res de l'archive\n -x extrait les fichiers nomm\u00E9s (ou tous les fichiers) de l'archive\n -u met \u00E0 jour l'archive existante\n -v g\u00E9n\u00E8re une version d\u00E9taill\u00E9e d'une sortie standard\n -f sp\u00E9cifie le nom du fichier archive\n -m inclut les informations de manifeste \u00E0 partir du fichier manifeste sp\u00E9cifi\u00E9\n -n effectue une normalisation Pack200 apr\u00E8s la cr\u00E9ation d'une archive\n -e sp\u00E9cifie le point d'entr\u00E9e d'une application en mode autonome \n int\u00E9gr\u00E9e \u00E0 un fichier JAR ex\u00E9cutable\n -0 stockage uniquement, pas de compression ZIP\n -P pr\u00E9serve les signes de d\u00E9but '/' (chemin absolu) et ".." (r\u00E9pertoire parent) dans les noms de fichier\n -M ne cr\u00E9e pas de fichier manifeste pour les entr\u00E9es\n -i g\u00E9n\u00E8re les informations d'index des fichiers JAR sp\u00E9cifi\u00E9s\n -C passe au r\u00E9pertoire sp\u00E9cifi\u00E9 et inclut le fichier suivant\nSi l'un des fichiers est un r\u00E9pertoire, celui-ci est trait\u00E9 r\u00E9cursivement.\nLes noms du fichier manifeste, du fichier archive et du point d'entr\u00E9e sont\nsp\u00E9cifi\u00E9s dans le m\u00EAme ordre que celui des indicateurs m, f et e.\n\nExemple 1 : pour archiver deux fichiers de classe dans une archive intitul\u00E9e classes.jar : \n jar cvf classes.jar Foo.class Bar.class \nExemple 2 : pour utiliser un fichier manifeste existant 'monmanifeste', puis archiver tous les\n fichiers du r\u00E9pertoire foo/ dans 'classes.jar' : \n jar cvfm classes.jar monmanifeste -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_it.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_it.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ decompresso: {0}
out.size=(in = {0}) (out = {1})
-usage=Uso: jar {ctxui}[vfmn0Me] [file-jar] [file-manifest] [punto di ingresso] [-C dir] file ...\nOpzioni:\n -c crea un nuovo archivio\n -t visualizza l'indice dell'archivio\n -x estrae i file con nome (o tutti i file) dall'archivio\n -u aggiorna l'archivio esistente\n -v genera output commentato dall'output standard\n -f specifica il nome file dell'archivio\n -m include informazioni manifest dal file manifest specificato\n -n esegue la normalizzazione Pack200 dopo la creazione di un nuovo archivio\n -e specifica il punto di ingresso per l'applicazione standalone \n inclusa nel file jar eseguibile\n -0 solo memorizzazione; senza compressione ZIP\n -M consente di non creare un file manifest per le voci\n -i genera informazioni sull'indice per i file jar specificati\n -C imposta la directory specificata e include il file seguente\nSe un file \u00E8 una directory, verr\u00E0 elaborato in modo ricorsivo.\nIl nome del file manifest, del file di archivio e del punto di ingresso devono\nessere specificati nello stesso ordine dei flag 'm', 'f' ed 'e'.\n\nEsempio 1: archiviazione di due file di classe in un archivio con il nome classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nEsempio 2: utilizzo del file manifest esistente 'mymanifest' e archiviazione di tutti i\n file della directory foo/ in 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=Uso: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\nOpzioni:\n -c crea un nuovo archivio\n -t visualizza l'indice dell'archivio\n -x estrae i file con nome (o tutti i file) dall'archivio\n -u aggiorna l'archivio esistente\n -v genera output commentato dall'output standard\n -f specifica il nome file dell'archivio\n -m include informazioni manifest dal file manifest specificato\n -n esegue normalizzazione Pack200 dopo la creazione di un nuovo archivio\n -e specifica il punto di ingresso per l'applicazione stand-alone \n inclusa nel file jar eseguibile\n -0 solo memorizzazione; senza compressione ZIP\n -P conserva i componenti iniziali '/' (percorso assoluto) e \\"..\\" (directory padre) dai nomi file\n -M consente di non creare un file manifest per le voci\n -i genera informazioni sull'indice per i file jar specificati\n -C imposta la directory specificata e include il file seguente\nSe un file \u00E8 una directory, verr\u00E0 elaborato in modo ricorsivo.\nIl nome del file manifest, del file di archivio e del punto di ingresso devono\nessere specificati nello stesso ordine dei flag 'm', 'f' ed 'e'.\n\nEsempio 1: archiviazione di due file di classe in un archivio con il nome classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nEsempio 2: utilizzo del file manifest esistente 'mymanifest' e archiviazione di tutti i\n file della directory foo/ in 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_ja.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_ja.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ {0}\u304C\u5C55\u958B\u3055\u308C\u307E\u3057\u305F
out.size=(\u5165={0})(\u51FA={1})
-usage=\u4F7F\u7528\u65B9\u6CD5: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u30AA\u30D7\u30B7\u30E7\u30F3:\n -c \u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u65B0\u898F\u4F5C\u6210\u3059\u308B\n -t \u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u5185\u5BB9\u3092\u4E00\u89A7\u8868\u793A\u3059\u308B\n -x \u6307\u5B9A\u306E(\u307E\u305F\u306F\u3059\u3079\u3066\u306E)\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6\u304B\u3089\u62BD\u51FA\u3059\u308B\n -u \u65E2\u5B58\u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u66F4\u65B0\u3059\u308B\n -v \u6A19\u6E96\u51FA\u529B\u306B\u8A73\u7D30\u306A\u51FA\u529B\u3092\u751F\u6210\u3059\u308B\n -f \u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3092\u6307\u5B9A\u3059\u308B\n -m \u6307\u5B9A\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u60C5\u5831\u3092\u53D6\u308A\u8FBC\u3080\n -n \u65B0\u898F\u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u4F5C\u6210\u5F8C\u306BPack200\u6B63\u898F\u5316\u3092\u5B9F\u884C\u3059\u308B\n -e \u5B9F\u884C\u53EF\u80FDjar\u30D5\u30A1\u30A4\u30EB\u306B\u30D0\u30F3\u30C9\u30EB\u3055\u308C\u305F\u30B9\u30BF\u30F3\u30C9\u30A2\u30ED\u30F3\u30FB\n \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u3092\u6307\u5B9A\u3059\u308B\n -0 \u683C\u7D0D\u306E\u307F\u3002ZIP\u5727\u7E2E\u3092\u4F7F\u7528\u3057\u306A\u3044\n -M \u30A8\u30F3\u30C8\u30EA\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3057\u306A\u3044\n -i \u6307\u5B9A\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306E\u7D22\u5F15\u60C5\u5831\u3092\u751F\u6210\u3059\u308B\n -C \u6307\u5B9A\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306B\u5909\u66F4\u3057\u3001\u6B21\u306E\u30D5\u30A1\u30A4\u30EB\u3092\u53D6\u308A\u8FBC\u3080\n\u30D5\u30A1\u30A4\u30EB\u304C\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u5834\u5408\u306F\u518D\u5E30\u7684\u306B\u51E6\u7406\u3055\u308C\u307E\u3059\u3002\n\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3001\u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u304A\u3088\u3073\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u540D\u306F\u3001\n\u30D5\u30E9\u30B0'm'\u3001'f'\u3001'e'\u306E\u6307\u5B9A\u3068\u540C\u3058\u9806\u756A\u3067\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\n\n\u4F8B1: 2\u3064\u306E\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6classes.jar\u306B\u4FDD\u5B58\u3059\u308B: \n jar cvf classes.jar Foo.class Bar.class \n\u4F8B2: \u65E2\u5B58\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB'mymanifest'\u3092\u4F7F\u7528\u3057\u3001foo/\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\n \u5168\u30D5\u30A1\u30A4\u30EB\u3092'classes.jar'\u306B\u30A2\u30FC\u30AB\u30A4\u30D6\u3059\u308B: \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=\u4F7F\u7528\u65B9\u6CD5: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u30AA\u30D7\u30B7\u30E7\u30F3:\n -c \u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u65B0\u898F\u4F5C\u6210\u3059\u308B\n -t \u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u5185\u5BB9\u3092\u4E00\u89A7\u8868\u793A\u3059\u308B\n -x \u6307\u5B9A\u306E(\u307E\u305F\u306F\u3059\u3079\u3066\u306E)\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6\u304B\u3089\u62BD\u51FA\u3059\u308B\n -u \u65E2\u5B58\u30A2\u30FC\u30AB\u30A4\u30D6\u3092\u66F4\u65B0\u3059\u308B\n -v \u6A19\u6E96\u51FA\u529B\u306B\u8A73\u7D30\u306A\u51FA\u529B\u3092\u751F\u6210\u3059\u308B\n -f \u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3092\u6307\u5B9A\u3059\u308B\n -m \u6307\u5B9A\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u304B\u3089\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u60C5\u5831\u3092\u53D6\u308A\u8FBC\u3080\n -n \u65B0\u898F\u30A2\u30FC\u30AB\u30A4\u30D6\u306E\u4F5C\u6210\u5F8C\u306BPack200\u6B63\u898F\u5316\u3092\u5B9F\u884C\u3059\u308B\n -e \u5B9F\u884C\u53EF\u80FDjar\u30D5\u30A1\u30A4\u30EB\u306B\u30D0\u30F3\u30C9\u30EB\u3055\u308C\u305F\u30B9\u30BF\u30F3\u30C9\u30A2\u30ED\u30F3\u30FB\n \u30A2\u30D7\u30EA\u30B1\u30FC\u30B7\u30E7\u30F3\u306E\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u3092\u6307\u5B9A\u3059\u308B\n -0 \u683C\u7D0D\u306E\u307F\u3002ZIP\u5727\u7E2E\u3092\u4F7F\u7528\u3057\u306A\u3044\n -P \u30D5\u30A1\u30A4\u30EB\u540D\u306E\u5148\u982D\u306E'/' (\u7D76\u5BFE\u30D1\u30B9)\u304A\u3088\u3073\\"..\\" (\u89AA\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA)\u30B3\u30F3\u30DD\u30FC\u30CD\u30F3\u30C8\u3092\u4FDD\u6301\u3059\u308B\n -M \u30A8\u30F3\u30C8\u30EA\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u4F5C\u6210\u3057\u306A\u3044\n -i \u6307\u5B9A\u306Ejar\u30D5\u30A1\u30A4\u30EB\u306E\u7D22\u5F15\u60C5\u5831\u3092\u751F\u6210\u3059\u308B\n -C \u6307\u5B9A\u306E\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306B\u5909\u66F4\u3057\u3001\u6B21\u306E\u30D5\u30A1\u30A4\u30EB\u3092\u53D6\u308A\u8FBC\u3080\n\u30D5\u30A1\u30A4\u30EB\u304C\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\u5834\u5408\u306F\u518D\u5E30\u7684\u306B\u51E6\u7406\u3055\u308C\u307E\u3059\u3002\n\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u3001\u30A2\u30FC\u30AB\u30A4\u30D6\u30FB\u30D5\u30A1\u30A4\u30EB\u540D\u304A\u3088\u3073\u30A8\u30F3\u30C8\u30EA\u30FB\u30DD\u30A4\u30F3\u30C8\u540D\u306F\u3001\n\u30D5\u30E9\u30B0'm'\u3001'f'\u3001'e'\u306E\u6307\u5B9A\u3068\u540C\u3058\u9806\u756A\u3067\u6307\u5B9A\u3059\u308B\u5FC5\u8981\u304C\u3042\u308A\u307E\u3059\u3002\n\n\u4F8B1: 2\u3064\u306E\u30AF\u30E9\u30B9\u30FB\u30D5\u30A1\u30A4\u30EB\u3092\u30A2\u30FC\u30AB\u30A4\u30D6classes.jar\u306B\u4FDD\u5B58\u3059\u308B: \n jar cvf classes.jar Foo.class Bar.class \n\u4F8B2: \u65E2\u5B58\u306E\u30DE\u30CB\u30D5\u30A7\u30B9\u30C8\u30FB\u30D5\u30A1\u30A4\u30EB'mymanifest'\u3092\u4F7F\u7528\u3057\u3001foo/\u30C7\u30A3\u30EC\u30AF\u30C8\u30EA\u306E\n \u5168\u30D5\u30A1\u30A4\u30EB\u3092'classes.jar'\u306B\u30A2\u30FC\u30AB\u30A4\u30D6\u3059\u308B: \n jar cvfm classes.jar mymanifest -C foo/ \n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_ko.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_ko.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ \uC99D\uAC00\uB428: {0}
out.size=(\uC785\uB825 = {0}) (\uCD9C\uB825 = {1})
-usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n -c \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -t \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n -x \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n -u \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n -v \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -f \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -m \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n -n \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n -e jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8\uC758 \n \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -0 \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -M \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -i \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -C \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvfm classes.jar mymanifest -C foo/ .
+usage=\uC0AC\uC6A9\uBC95: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\uC635\uC158:\n -c \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -t \uC544\uCE74\uC774\uBE0C\uC5D0 \uB300\uD55C \uBAA9\uCC28\uB97C \uB098\uC5F4\uD569\uB2C8\uB2E4.\n -x \uBA85\uBA85\uB41C(\uB610\uB294 \uBAA8\uB4E0) \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uC5D0\uC11C \uCD94\uCD9C\uD569\uB2C8\uB2E4.\n -u \uAE30\uC874 \uC544\uCE74\uC774\uBE0C\uB97C \uC5C5\uB370\uC774\uD2B8\uD569\uB2C8\uB2E4.\n -v \uD45C\uC900 \uCD9C\uB825\uC5D0 \uC0C1\uC138 \uC815\uBCF4 \uCD9C\uB825\uC744 \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -f \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -m \uC9C0\uC815\uB41C Manifest \uD30C\uC77C\uC758 Manifest \uC815\uBCF4\uB97C \uD3EC\uD568\uD569\uB2C8\uB2E4.\n -n \uC0C8 \uC544\uCE74\uC774\uBE0C\uB97C \uC0DD\uC131\uD55C \uD6C4 Pack200 \uC815\uADDC\uD654\uB97C \uC218\uD589\uD569\uB2C8\uB2E4.\n -e jar \uC2E4\uD589 \uD30C\uC77C\uC5D0 \uBC88\uB4E4\uB85C \uC81C\uACF5\uB41C \uB3C5\uB9BD\uD615 \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8\uC758 \n \uC751\uC6A9 \uD504\uB85C\uADF8\uB7A8 \uC2DC\uC791 \uC9C0\uC810\uC744 \uC9C0\uC815\uD569\uB2C8\uB2E4.\n -0 \uC800\uC7A5 \uC804\uC6A9: ZIP \uC555\uCD95\uC744 \uC0AC\uC6A9\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -P \uD30C\uC77C \uC774\uB984\uC5D0\uC11C \uC120\uD589 '/'(\uC808\uB300 \uACBD\uB85C) \uBC0F ".."(\uC0C1\uC704 \uB514\uB809\uD1A0\uB9AC) \uAD6C\uC131 \uC694\uC18C\uB97C \uC720\uC9C0\uD569\uB2C8\uB2E4.\n -M \uD56D\uBAA9\uC5D0 \uB300\uD574 Manifest \uD30C\uC77C\uC744 \uC0DD\uC131\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4.\n -i \uC9C0\uC815\uB41C jar \uD30C\uC77C\uC5D0 \uB300\uD55C \uC778\uB371\uC2A4 \uC815\uBCF4\uB97C \uC0DD\uC131\uD569\uB2C8\uB2E4.\n -C \uC9C0\uC815\uB41C \uB514\uB809\uD1A0\uB9AC\uB85C \uBCC0\uACBD\uD558\uACE0 \uB2E4\uC74C \uD30C\uC77C\uC744 \uD3EC\uD568\uD569\uB2C8\uB2E4.\n\uD2B9\uC815 \uD30C\uC77C\uC774 \uB514\uB809\uD1A0\uB9AC\uC77C \uACBD\uC6B0 \uC21C\uD658\uC801\uC73C\uB85C \uCC98\uB9AC\uB429\uB2C8\uB2E4.\nManifest \uD30C\uC77C \uC774\uB984, \uC544\uCE74\uC774\uBE0C \uD30C\uC77C \uC774\uB984 \uBC0F \uC2DC\uC791 \uC9C0\uC810 \uC774\uB984\uC740\n'm', 'f' \uBC0F 'e' \uD50C\uB798\uADF8\uC640 \uB3D9\uC77C\uD55C \uC21C\uC11C\uB85C \uC9C0\uC815\uB429\uB2C8\uB2E4.\n\n\uC608 1: classes.jar\uB77C\uB294 \uC544\uCE74\uC774\uBE0C\uC5D0 \uB450 \uD074\uB798\uC2A4 \uD30C\uC77C\uC744 \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvf classes.jar Foo.class Bar.class \n\uC608 2: \uAE30\uC874 Manifest \uD30C\uC77C 'mymanifest'\uB97C \uC0AC\uC6A9\uD558\uC5EC\n foo/ \uB514\uB809\uD1A0\uB9AC\uC758 \uBAA8\uB4E0 \uD30C\uC77C\uC744 'classes.jar'\uB85C \uC544\uCE74\uC774\uBE0C\uD558\uB294 \uBC29\uBC95: \n jar cvfm classes.jar mymanifest -C foo/ .
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_pt_BR.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_pt_BR.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ inflado: {0}
out.size=(entrada = {0}) (sa\u00EDda= {1})
-usage=Uso: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] arquivos ...\nOp\u00E7\u00F5es:\n -c cria novo arquivo compactado\n -t lista o sum\u00E1rio do arquivo compactado\n -x extrai arquivos com o nome (ou todos) do arquivo compactado\n -u atualiza o arquivo compactado existente\n -v gera sa\u00EDda detalhada na sa\u00EDda padr\u00E3o\n -f especifica o nome do arquivo do arquivo compactado\n -m inclui as informa\u00E7\u00F5es do manifesto do arquivo de manifesto especificado\n -n executa a normaliza\u00E7\u00E3o Pack200 ap\u00F3s a cria\u00E7\u00E3o de um novo arquivo compactado\n -e especifica o ponto de entrada da aplica\u00E7\u00E3o para aplica\u00E7\u00E3o stand-alone \n empacotada em um arquivo jar execut\u00E1vel\n -0 armazena somente; n\u00E3o usa compacta\u00E7\u00E3o ZIP\n -M n\u00E3o cria um arquivo de manifesto para as entradas\n -i gera informa\u00E7\u00F5es de \u00EDndice para os arquivos especificados\n -C passa para o diret\u00F3rio especificado e inclui o arquivo a seguir\nSe um arquivo tamb\u00E9m for um diret\u00F3rio, ele ser\u00E1 processado repetidamente.\nO nome do arquivo de manifesto, o nome do arquivo compactado e o nome do ponto de entrada s\u00E3o\nespecificados na mesma ordem dos flags 'm', 'f' e 'e'.\n\nExemplo 1: para arquivar dois arquivos de classe em um arquivo compactado denominado classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nExemplo 2: use um arquivo de manifesto existente 'mymanifest' e arquive todos os\n arquivos no diret\u00F3rio foo/ na 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=Uso: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] arquivos ...\nOp\u00E7\u00F5es:\n -c cria novo arquivo compactado\n -t lista o sum\u00E1rio do arquivo compactado\n -x extrai arquivos com o nome (ou todos) do arquivo compactado\n -u atualiza o arquivo compactado existente\n -v gera sa\u00EDda detalhada na sa\u00EDda padr\u00E3o\n -f especifica o nome do arquivo do arquivo compactado\n -m inclui as informa\u00E7\u00F5es do manifesto do arquivo de manifesto especificado\n -n executa a normaliza\u00E7\u00E3o Pack200 ap\u00F3s a cria\u00E7\u00E3o de um novo arquivo compactado\n -e especifica o ponto de entrada da aplica\u00E7\u00E3o para aplica\u00E7\u00E3o stand-alone \n empacotada em um arquivo jar execut\u00E1vel\n -0 armazena somente; n\u00E3o usa compacta\u00E7\u00E3o ZIP\n -P preserva os componentes '/' inicial (caminho absoluto) e ".." (diret\u00F3rio pai) nos nomes dos arquivos\n -M n\u00E3o cria um arquivo de manifesto para as entradas\n -i gera informa\u00E7\u00F5es de \u00EDndice para os arquivos especificados\n -C passa para o diret\u00F3rio especificado e inclui o arquivo a seguir\nSe um arquivo tamb\u00E9m for um diret\u00F3rio, ele ser\u00E1 processado repetidamente.\nO nome do arquivo de manifesto, o nome do arquivo compactado e o nome do ponto de entrada s\u00E3o\nespecificados na mesma ordem dos flags 'm', 'f' e 'e'.\n\nExemplo 1: para arquivar dois arquivos de classe em um arquivo compactado denominado classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nExemplo 2: use um arquivo de manifesto existente 'mymanifest' e arquive todos os\n arquivos no diret\u00F3rio foo/ na 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_sv.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_sv.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ uppackat: {0}
out.size=(in = {0}) (ut = {1})
-usage=Syntax: jar {ctxui}[vfmn0Me] [jar-fil] [manifestfil] [startpunkt] [-C katalog] filer ...\nAlternativ:\n -c skapa nytt arkiv\n -t lista inneh\u00E5llsf\u00F6rteckning f\u00F6r arkiv\n -x extrahera namngivna (eller alla) filer fr\u00E5n arkiv\n -u uppdatera befintligt arkiv\n -v generera utf\u00F6rliga utdata vid standardutmatning\n -f ange arkivfilens namn\n -m inkludera manifestinformation fr\u00E5n angivet manifest\n -n utf\u00F6r Pack200-normalisering efter att ha skapat ett nytt arkiv\n -e ange programstartpunkt f\u00F6r frist\u00E5ende applikation \n som medf\u00F6ljer i en jar-programfil\n -0 endast lagra (ingen zip-komprimering)\n -M skapa inte n\u00E5gon manifestfil f\u00F6r posterna\n -i generera indexinformation f\u00F6r de angivna jar-filerna\n -C \u00E4ndra till den angivna katalogen och inkludera f\u00F6ljande fil\nOm en fil \u00E4r en katalog bearbetas den rekursivt.\nNamnen p\u00E5 manifestfilen, arkivfilen och startpunkten anges\ni samma ordning som m-, f- och e-flaggorna.\n\nExempel 1: S\u00E5 h\u00E4r arkiverar du tv\u00E5 klassfiler i ett arkiv med namnet classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nExempel 2: Anv\u00E4nd en befintlig manifestfil (mymanifest) och arkivera alla\n filer fr\u00E5n katalogen foo/ i classes.jar: \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=Syntax: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\nAlternativ:\n -c skapa nytt arkiv\n -t lista inneh\u00E5llsf\u00F6rteckning f\u00F6r arkiv\n -x extrahera namngivna (eller alla) filer fr\u00E5n arkivet\n -u uppdatera befintligt arkiv\n -v generera utf\u00F6rliga utdata vid standardutmatning\n -f ange arkivfilens namn\n -m inkludera manifestinformation fr\u00E5n angivet manifest\n -n utf\u00F6r Pack200-normalisering efter att ett nytt arkiv har skapats\n -e ange programstartpunkt f\u00F6r frist\u00E5ende applikation \n som medf\u00F6ljer i en jar-programfil\n -0 lagra endast; anv\u00E4nd inte zip-komprimering\n -P beh\u00E5ll komponenter f\u00F6r inledande '/' (absolut s\u00F6kv\u00E4g) och ".." (\u00F6verordnad katalog) fr\u00E5n filnamn\n -M skapa inte n\u00E5gon manifestfil f\u00F6r posterna\n -i generera indexinformation f\u00F6r de angivna jar-filerna\n -C \u00E4ndra till den angivna katalogen och inkludera f\u00F6ljande fil\nOm en fil \u00E4r en katalog bearbetas den rekursivt.\nNamnen p\u00E5 manifestfilen, arkivfilen och startpunkten anges i samma\nordning som flaggorna 'm', 'f' och 'e'.\n\nExempel 1: S\u00E5 h\u00E4r arkiverar du tv\u00E5 klassfiler i ett arkiv med namnet classes.jar: \n jar cvf classes.jar Foo.class Bar.class \nExempel 2: Anv\u00E4nd en befintlig manifestfil (mymanifest) och arkivera alla\n filer fr\u00E5n katalogen 'foo/' till 'classes.jar': \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_zh_CN.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_zh_CN.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ \u5DF2\u89E3\u538B: {0}
out.size=(\u8F93\u5165 = {0}) (\u8F93\u51FA = {1})
-usage=\u7528\u6CD5: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u9009\u9879:\n -c \u521B\u5EFA\u65B0\u6863\u6848\n -t \u5217\u51FA\u6863\u6848\u76EE\u5F55\n -x \u4ECE\u6863\u6848\u4E2D\u63D0\u53D6\u6307\u5B9A\u7684 (\u6216\u6240\u6709) \u6587\u4EF6\n -u \u66F4\u65B0\u73B0\u6709\u6863\u6848\n -v \u5728\u6807\u51C6\u8F93\u51FA\u4E2D\u751F\u6210\u8BE6\u7EC6\u8F93\u51FA\n -f \u6307\u5B9A\u6863\u6848\u6587\u4EF6\u540D\n -m \u5305\u542B\u6307\u5B9A\u6E05\u5355\u6587\u4EF6\u4E2D\u7684\u6E05\u5355\u4FE1\u606F\n -n \u521B\u5EFA\u65B0\u6863\u6848\u540E\u6267\u884C Pack200 \u89C4\u8303\u5316\n -e \u4E3A\u7ED1\u5B9A\u5230\u53EF\u6267\u884C jar \u6587\u4EF6\u7684\u72EC\u7ACB\u5E94\u7528\u7A0B\u5E8F\n \u6307\u5B9A\u5E94\u7528\u7A0B\u5E8F\u5165\u53E3\u70B9\n -0 \u4EC5\u5B58\u50A8; \u4E0D\u4F7F\u7528\u4EFB\u4F55 ZIP \u538B\u7F29\n -M \u4E0D\u521B\u5EFA\u6761\u76EE\u7684\u6E05\u5355\u6587\u4EF6\n -i \u4E3A\u6307\u5B9A\u7684 jar \u6587\u4EF6\u751F\u6210\u7D22\u5F15\u4FE1\u606F\n -C \u66F4\u6539\u4E3A\u6307\u5B9A\u7684\u76EE\u5F55\u5E76\u5305\u542B\u4EE5\u4E0B\u6587\u4EF6\n\u5982\u679C\u4EFB\u4F55\u6587\u4EF6\u4E3A\u76EE\u5F55, \u5219\u5BF9\u5176\u8FDB\u884C\u9012\u5F52\u5904\u7406\u3002\n\u6E05\u5355\u6587\u4EF6\u540D, \u6863\u6848\u6587\u4EF6\u540D\u548C\u5165\u53E3\u70B9\u540D\u79F0\u7684\u6307\u5B9A\u987A\u5E8F\n\u4E0E 'm', 'f' \u548C 'e' \u6807\u8BB0\u7684\u6307\u5B9A\u987A\u5E8F\u76F8\u540C\u3002\n\n\u793A\u4F8B 1: \u5C06\u4E24\u4E2A\u7C7B\u6587\u4EF6\u5F52\u6863\u5230\u4E00\u4E2A\u540D\u4E3A classes.jar \u7684\u6863\u6848\u4E2D: \n jar cvf classes.jar Foo.class Bar.class \n\u793A\u4F8B 2: \u4F7F\u7528\u73B0\u6709\u7684\u6E05\u5355\u6587\u4EF6 'mymanifest' \u5E76\n \u5C06 foo/ \u76EE\u5F55\u4E2D\u7684\u6240\u6709\u6587\u4EF6\u5F52\u6863\u5230 'classes.jar' \u4E2D: \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=\u7528\u6CD5: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] files ...\n\u9009\u9879:\n -c \u521B\u5EFA\u65B0\u6863\u6848\n -t \u5217\u51FA\u6863\u6848\u76EE\u5F55\n -x \u4ECE\u6863\u6848\u4E2D\u63D0\u53D6\u6307\u5B9A\u7684 (\u6216\u6240\u6709) \u6587\u4EF6\n -u \u66F4\u65B0\u73B0\u6709\u6863\u6848\n -v \u5728\u6807\u51C6\u8F93\u51FA\u4E2D\u751F\u6210\u8BE6\u7EC6\u8F93\u51FA\n -f \u6307\u5B9A\u6863\u6848\u6587\u4EF6\u540D\n -m \u5305\u542B\u6307\u5B9A\u6E05\u5355\u6587\u4EF6\u4E2D\u7684\u6E05\u5355\u4FE1\u606F\n -n \u521B\u5EFA\u65B0\u6863\u6848\u540E\u6267\u884C Pack200 \u89C4\u8303\u5316\n -e \u4E3A\u6346\u7ED1\u5230\u53EF\u6267\u884C jar \u6587\u4EF6\u7684\u72EC\u7ACB\u5E94\u7528\u7A0B\u5E8F\n \u6307\u5B9A\u5E94\u7528\u7A0B\u5E8F\u5165\u53E3\u70B9\n -0 \u4EC5\u5B58\u50A8; \u4E0D\u4F7F\u7528\u4EFB\u4F55 ZIP \u538B\u7F29\n -P \u4FDD\u7559\u6587\u4EF6\u540D\u4E2D\u7684\u524D\u5BFC '/' (\u7EDD\u5BF9\u8DEF\u5F84) \u548C ".." (\u7236\u76EE\u5F55) \u7EC4\u4EF6\n -M \u4E0D\u521B\u5EFA\u6761\u76EE\u7684\u6E05\u5355\u6587\u4EF6\n -i \u4E3A\u6307\u5B9A\u7684 jar \u6587\u4EF6\u751F\u6210\u7D22\u5F15\u4FE1\u606F\n -C \u66F4\u6539\u4E3A\u6307\u5B9A\u7684\u76EE\u5F55\u5E76\u5305\u542B\u4EE5\u4E0B\u6587\u4EF6\n\u5982\u679C\u4EFB\u4F55\u6587\u4EF6\u4E3A\u76EE\u5F55, \u5219\u5BF9\u5176\u8FDB\u884C\u9012\u5F52\u5904\u7406\u3002\n\u6E05\u5355\u6587\u4EF6\u540D, \u6863\u6848\u6587\u4EF6\u540D\u548C\u5165\u53E3\u70B9\u540D\u79F0\u7684\u6307\u5B9A\u987A\u5E8F\n\u4E0E 'm', 'f' \u548C 'e' \u6807\u8BB0\u7684\u6307\u5B9A\u987A\u5E8F\u76F8\u540C\u3002\n\n\u793A\u4F8B 1: \u5C06\u4E24\u4E2A\u7C7B\u6587\u4EF6\u5F52\u6863\u5230\u4E00\u4E2A\u540D\u4E3A classes.jar \u7684\u6863\u6848\u4E2D: \n jar cvf classes.jar Foo.class Bar.class \n\u793A\u4F8B 2: \u4F7F\u7528\u73B0\u6709\u7684\u6E05\u5355\u6587\u4EF6 'mymanifest' \u5E76\n \u5C06 foo/ \u76EE\u5F55\u4E2D\u7684\u6240\u6709\u6587\u4EF6\u5F52\u6863\u5230 'classes.jar' \u4E2D: \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/tools/jar/resources/jar_zh_TW.properties Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/tools/jar/resources/jar_zh_TW.properties Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
#
-# Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
@@ -45,4 +45,4 @@
out.inflated=\ \u64F4\u5C55: {0}
out.size=\ (\u8B80={0})(\u5BEB={1})
-usage=\u7528\u6CD5: jar {ctxui}[vfmn0Me] [jar-file] [manifest-file] [entry-point] [-C dir] \u6A94\u6848 ...\n\u9078\u9805:\n -c \u5EFA\u7ACB\u65B0\u7684\u6B78\u6A94\n -t \u5217\u51FA\u6B78\u6A94\u7684\u76EE\u9304\n -x \u5F9E\u6B78\u6A94\u4E2D\u64F7\u53D6\u5DF2\u547D\u540D\u7684 (\u6216\u6240\u6709) \u6A94\u6848\n -u \u66F4\u65B0\u73FE\u6709\u6B78\u6A94\n -v \u5728\u6A19\u6E96\u8F38\u51FA\u4E2D\u7522\u751F\u8A73\u7D30\u8F38\u51FA\n -f \u6307\u5B9A\u6B78\u6A94\u6A94\u6848\u540D\u7A31\n -m \u5305\u542B\u6307\u5B9A\u8CC7\u8A0A\u6E05\u55AE\u4E2D\u7684\u8CC7\u8A0A\u6E05\u55AE\u8CC7\u8A0A\n -n \u5728\u5EFA\u7ACB\u65B0\u6B78\u6A94\u4E4B\u5F8C\u57F7\u884C Pack200 \u6B63\u898F\u5316\n -e \u70BA\u5DF2\u96A8\u9644\u65BC\u53EF\u57F7\u884C jar \u6A94\u6848\u4E2D\u7684\u7368\u7ACB\u61C9\u7528\u7A0B\u5F0F\n \u6307\u5B9A\u61C9\u7528\u7A0B\u5F0F\u9032\u5165\u9EDE\n -0 \u50C5\u5132\u5B58; \u4E0D\u4F7F\u7528 ZIP \u58D3\u7E2E\u65B9\u5F0F\n -M \u4E0D\u70BA\u9805\u76EE\u5EFA\u7ACB\u8CC7\u8A0A\u6E05\u55AE\u6A94\u6848\n -i \u70BA\u6307\u5B9A\u7684 jar \u6A94\u6848\u7522\u751F\u7D22\u5F15\u8CC7\u8A0A\n -C \u8B8A\u66F4\u81F3\u6307\u5B9A\u76EE\u9304\u4E26\u5305\u542B\u5F8C\u9762\u6240\u5217\u7684\u6A94\u6848\n\u5982\u679C\u6709\u4EFB\u4F55\u6A94\u6848\u662F\u76EE\u9304\uFF0C\u5247\u6703\u5C0D\u5176\u9032\u884C\u905E\u8FF4\u8655\u7406\u3002\n\u6E05\u55AE\u6A94\u6848\u540D\u7A31\u3001\u6B78\u6A94\u6A94\u6848\u540D\u7A31\u548C\u9032\u5165\u9EDE\u540D\u7A31\n\u7684\u6307\u5B9A\u9806\u5E8F\u8207\u6307\u5B9A 'm' \u65D7\u6A19\u3001'f' \u65D7\u6A19\u548C 'e' \u65D7\u6A19\u7684\u9806\u5E8F\u76F8\u540C\u3002\n\n\u7BC4\u4F8B 1: \u5C07\u5169\u500B\u985E\u5225\u6A94\u6848\u6B78\u6A94\u81F3\u540D\u70BA classes.jar \u7684\u6B78\u6A94\u4E2D: \n jar cvf classes.jar Foo.class Bar.class\n\u7BC4\u4F8B 2: \u4F7F\u7528\u73FE\u6709\u8CC7\u8A0A\u6E05\u55AE\u6A94\u6848 'mymanifest' \u4E26\u5C07\n foo/ \u76EE\u9304\u4E2D\u7684\u6240\u6709\u6A94\u6848\u6B78\u6A94\u81F3 'classes.jar' \u4E2D: \n jar cvfm classes.jar mymanifest -C foo/ .\n
+usage=\u7528\u6CD5: jar {ctxui}[vfmn0PMe] [jar-file] [manifest-file] [entry-point] [-C dir] \u6A94\u6848 ...\n\u9078\u9805:\n -c \u5EFA\u7ACB\u65B0\u7684\u6B78\u6A94\n -t \u5217\u51FA\u6B78\u6A94\u7684\u76EE\u9304\n -x \u5F9E\u6B78\u6A94\u4E2D\u64F7\u53D6\u6307\u5B9A (\u6216\u6240\u6709) \u6A94\u6848\n -u \u66F4\u65B0\u73FE\u6709\u6B78\u6A94\n -v \u5728\u6A19\u6E96\u8F38\u51FA\u4E2D\u7522\u751F\u8A73\u7D30\u8F38\u51FA\n -f \u6307\u5B9A\u6B78\u6A94\u6A94\u6848\u540D\u7A31\n -m \u5305\u542B\u6307\u5B9A\u8CC7\u8A0A\u6E05\u55AE\u4E2D\u7684\u8CC7\u8A0A\u6E05\u55AE\u8CC7\u8A0A\n -n \u5728\u5EFA\u7ACB\u65B0\u6B78\u6A94\u4E4B\u5F8C\u57F7\u884C Pack200 \u6B63\u898F\u5316\n -e \u70BA\u5DF2\u96A8\u9644\u65BC\u53EF\u57F7\u884C jar \u6A94\u6848\u4E2D\u7684\u7368\u7ACB\u61C9\u7528\u7A0B\u5F0F\n \u6307\u5B9A\u61C9\u7528\u7A0B\u5F0F\u9032\u5165\u9EDE\n -0 \u50C5\u5132\u5B58; \u4E0D\u4F7F\u7528 ZIP \u58D3\u7E2E\u65B9\u5F0F\n -P \u4FDD\u7559\u6A94\u6848\u540D\u7A31\u524D\u9762\u7684 '/' (\u7D55\u5C0D\u8DEF\u5F91) \u548C ".." (\u4E0A\u5C64\u76EE\u9304) \u5143\u4EF6\n -M \u4E0D\u70BA\u9805\u76EE\u5EFA\u7ACB\u8CC7\u8A0A\u6E05\u55AE\u6A94\u6848\n -i \u70BA\u6307\u5B9A\u7684 jar \u6A94\u6848\u7522\u751F\u7D22\u5F15\u8CC7\u8A0A\n -C \u8B8A\u66F4\u81F3\u6307\u5B9A\u76EE\u9304\u4E26\u5305\u542B\u5F8C\u9762\u6240\u5217\u7684\u6A94\u6848\n\u5982\u679C\u6709\u4EFB\u4F55\u6A94\u6848\u662F\u76EE\u9304\uFF0C\u5247\u6703\u5C0D\u5176\u9032\u884C\u905E\u8FF4\u8655\u7406\u3002\n\u8CC7\u8A0A\u6E05\u55AE\u6A94\u6848\u540D\u7A31\u3001\u6B78\u6A94\u6A94\u6848\u540D\u7A31\u548C\u9032\u5165\u9EDE\u540D\u7A31\n\u7684\u6307\u5B9A\u9806\u5E8F\u8207\u6307\u5B9A 'm' \u65D7\u6A19\u3001'f' \u65D7\u6A19\u548C 'e' \u65D7\u6A19\u7684\u9806\u5E8F\u76F8\u540C\u3002\n\n\u7BC4\u4F8B 1: \u5C07\u5169\u500B\u985E\u5225\u6A94\u6848\u6B78\u6A94\u81F3\u540D\u70BA classes.jar \u7684\u6B78\u6A94\u4E2D: \n jar cvf classes.jar Foo.class Bar.class\n\u7BC4\u4F8B 2: \u4F7F\u7528\u73FE\u6709\u8CC7\u8A0A\u6E05\u55AE\u6A94\u6848 'mymanifest' \u4E26\u5C07\n foo/ \u76EE\u9304\u4E2D\u7684\u6240\u6709\u6A94\u6848\u6B78\u6A94\u81F3 'classes.jar' \u4E2D: \n jar cvfm classes.jar mymanifest -C foo/ .\n
--- ./jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/calendar/ZoneInfoFile.java Tue Jun 02 13:49:09 2015 +0300
@@ -625,6 +625,15 @@
params[2] = 5;
params[3] = 86400000;
}
+ // Additional check for startDayOfWeek=6 and starTime=86400000
+ // is needed for Asia/Amman; Asia/Gasa and Asia/Hebron
+ if (params[2] == 7 && params[3] == 0 &&
+ (zoneId.equals("Asia/Amman") ||
+ zoneId.equals("Asia/Gaza") ||
+ zoneId.equals("Asia/Hebron"))) {
+ params[2] = 6; // Friday
+ params[3] = 86400000; // 24h
+ }
//endDayOfWeek and endTime workaround
if (params[7] == 6 && params[8] == 0 &&
(zoneId.equals("Africa/Cairo"))) {
--- ./jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/TimeZoneNames.java Tue Jun 02 13:49:09 2015 +0300
@@ -152,9 +152,6 @@
String GST[] = new String[] {"Gulf Standard Time", "GST",
"Gulf Daylight Time", "GDT",
"Gulf Time", "GT"};
- String HAST[] = new String[] {"Hawaii-Aleutian Standard Time", "HAST",
- "Hawaii-Aleutian Daylight Time", "HADT",
- "Hawaii-Aleutian Time", "HAT"};
String HKT[] = new String[] {"Hong Kong Time", "HKT",
"Hong Kong Summer Time", "HKST",
"Hong Kong Time", "HKT"};
@@ -371,7 +368,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -393,7 +390,7 @@
"Paraguay Summer Time", "PYST",
"Paraguay Time", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/de/TimeZoneNames_de.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"Golf Normalzeit", "GST",
"Golf Sommerzeit", "GDT",
"Zeitzone f\u00FCr Persischen Golf", "GT"};
- String HAST[] = new String[] {"Hawaii-Aleutische Normalzeit", "HAST",
- "Hawaii-Aleutische Sommerzeit", "HADT",
- "Zeitzone f\u00FCr Hawaii und Al\u00EButen", "HAT"};
String HKT[] = new String[] {"Hongkong Zeit", "HKT",
"Hongkong Sommerzeit", "HKST",
"Hongkong Zeit", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Paraguay Sommerzeit", "PYST",
"Paraguay Zeit", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/es/TimeZoneNames_es.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"Hora est\u00e1ndar del Golfo", "GST",
"Hora de verano del Golfo", "GDT",
"Hora del Golfo", "GT"};
- String HAST[] = new String[] {"Hora est\u00e1ndar de Hawaii-Aleutianas", "HAST",
- "Hora de verano de Hawaii-Aleutianas", "HADT",
- "Hora de Hawaii-Aleutian", "HAT"};
String HKT[] = new String[] {"Hora de Hong Kong", "HKT",
"Hora de verano de Hong Kong", "HKST",
"Hora de Hong Kong", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Hora de verano de Paraguay", "PYST",
"Hora de Paraguay", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/fr/TimeZoneNames_fr.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"Heure normale du Golfe", "GST",
"Heure avanc\u00e9e du Golfe", "GDT",
"Golfe", "GT"} ;
- String HAST[] = new String[] {"Heure normale d'Hawa\u00ef-Al\u00e9outiennes", "HAST",
- "Heure avanc\u00e9e d'Hawa\u00ef-Al\u00e9outiennes", "HADT",
- "Hawa\u00EF-Iles Al\u00E9outiennes", "HAT"} ;
String HKT[] = new String[] {"Heure de Hong Kong", "HKT",
"Heure d'\u00e9t\u00e9 de Hong Kong", "HKST",
"Heure de Hong-Kong", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Heure d'\u00e9t\u00e9 du Paraguay", "PYST",
"Heure du Paraguay", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/it/TimeZoneNames_it.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"Ora solare del golfo", "GST",
"Ora legale del golfo", "GDT",
"Ora del golfo", "GT"};
- String HAST[] = new String[] {"Ora solare delle Isole Hawaii-Aleutine", "HAST",
- "Ora solare delle Isole Hawaii-Aleutine", "HADT",
- "Ora Hawaii-Aleutine", "HAT"};
String HKT[] = new String[] {"Ora di Hong Kong", "HKT",
"Ora estiva di Hong Kong", "HKST",
"Ora di Hong Kong", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Ora estiva del Paraguay", "PYST",
"Ora del Paraguay", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/ja/TimeZoneNames_ja.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"\u6e7e\u5cb8\u6a19\u6e96\u6642", "GST",
"\u6e7e\u5cb8\u590f\u6642\u9593", "GDT",
"\u6E7E\u5CB8\u6642\u9593", "GT"};
- String HAST[] = new String[] {"\u30cf\u30ef\u30a4 - \u30a2\u30ea\u30e5\u30fc\u30b7\u30e3\u30f3\u6a19\u6e96\u6642", "HAST",
- "\u30cf\u30ef\u30a4 - \u30a2\u30ea\u30e5\u30fc\u30b7\u30e3\u30f3\u590f\u6642\u9593", "HADT",
- "\u30CF\u30EF\u30A4\u30FB\u30A2\u30EA\u30E5\u30FC\u30B7\u30E3\u30F3\u6642\u9593", "HAT"};
String HKT[] = new String[] {"\u9999\u6e2f\u6642\u9593", "HKT",
"\u9999\u6e2f\u590f\u6642\u9593", "HKST",
"\u9999\u6E2F\u6642\u9593", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"\u30d1\u30e9\u30b0\u30a2\u30a4\u590f\u6642\u9593", "PYST",
"\u30D1\u30E9\u30B0\u30A2\u30A4\u6642\u9593", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/ko/TimeZoneNames_ko.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"\uac78\ud504\ub9cc \ud45c\uc900\uc2dc", "GST",
"\uac78\ud504\ub9cc \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "GDT",
"\uAC78\uD504\uB9CC \uD45C\uC900\uC2DC", "GT"};
- String HAST[] = new String[] {"\ud558\uc640\uc774 \uc54c\ub958\uc0e8 \ud45c\uc900\uc2dc", "HAST",
- "\ud558\uc640\uc774 \uc54c\ub958\uc0e8 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "HADT",
- "\uD558\uC640\uC774-\uC54C\uB8E8\uC0E8 \uD45C\uC900\uC2DC", "HAT"};
String HKT[] = new String[] {"\ud64d\ucf69 \uc2dc\uac04", "HKT",
"\ud64d\ucf69 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "HKST",
"\uD64D\uCF69 \uD45C\uC900\uC2DC", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"\ud30c\ub77c\uacfc\uc774 \uc77c\uad11\uc808\uc57d\uc2dc\uac04", "PYST",
"\uD30C\uB77C\uACFC\uC774 \uD45C\uC900\uC2DC", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/pt/TimeZoneNames_pt_BR.java Tue Jun 02 13:49:09 2015 +0300
@@ -150,9 +150,6 @@
String GST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o do golfo", "GST",
"Hor\u00e1rio de luz natural do golfo", "GDT",
"Hor\u00E1rio do Golfo", "GT"};
- String HAST[] = new String[] {"Fuso hor\u00e1rio padr\u00e3o do Hava\u00ed-Aleutian", "HAST",
- "Hor\u00e1rio de luz natural do Hava\u00ed-Aleutian", "HADT",
- "Hor\u00E1rio do Hava\u00ED-Aleutas", "HAT"};
String HKT[] = new String[] {"Fuso hor\u00e1rio de Hong Kong", "HKT",
"Fuso hor\u00e1rio de ver\u00e3o de Hong Kong", "HKST",
"Hor\u00E1rio de Hong Kong", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Fuso hor\u00e1rio de ver\u00e3o do Paraguai", "PYST",
"Hor\u00E1rio do Paraguai", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/sv/TimeZoneNames_sv.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"Gulf-normaltid", "GST",
"Gulf-sommartid", "GDT",
"Golfens tid", "GT"};
- String HAST[] = new String[] {"Hawaii-Aleuterna, normaltid", "HAST",
- "Hawaii-Aleuterna, sommartid", "HADT",
- "Hawaiiansk-aleutisk tid", "HAT"};
String HKT[] = new String[] {"Hong Kong, normaltid", "HKT",
"Hong Kong, sommartid", "HKST",
"Hongkong-tid", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"Paraguay, sommartid", "PYST",
"Paraguayansk tid", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_CN.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"\u6ce2\u65af\u6e7e\u6807\u51c6\u65f6\u95f4", "GST",
"\u6ce2\u65af\u6e7e\u590f\u4ee4\u65f6", "GDT",
"\u6D77\u6E7E\u65F6\u95F4", "GT"};
- String HAST[] = new String[] {"\u590f\u5a01\u5937-\u963f\u7559\u7533\u7fa4\u5c9b\u6807\u51c6\u65f6\u95f4", "HAST",
- "\u590f\u5a01\u5937-\u963f\u7559\u7533\u7fa4\u5c9b\u590f\u4ee4\u65f6", "HADT",
- "\u590F\u5A01\u5937-\u963F\u7559\u7533\u65F6\u95F4", "HAT"};
String HKT[] = new String[] {"\u9999\u6e2f\u65f6\u95f4", "HKT",
"\u9999\u6e2f\u590f\u4ee4\u65f6", "HKST",
"\u9999\u6E2F\u65F6\u95F4", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"\u5df4\u62c9\u572d\u590f\u4ee4\u65f6", "PYST",
"\u5DF4\u62C9\u572D\u65F6\u95F4", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1024,7 +1021,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/classes/sun/util/resources/zh/TimeZoneNames_zh_TW.java Tue Jun 02 13:49:09 2015 +0300
@@ -153,9 +153,6 @@
String GST[] = new String[] {"\u6ce2\u65af\u7063\u6a19\u6e96\u6642\u9593", "GST",
"\u6ce2\u65af\u7063\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "GDT",
"\u6CE2\u65AF\u7063\u6642\u9593", "GT"};
- String HAST[] = new String[] {"\u590f\u5a01\u5937-\u963f\u7559\u7533\u7fa4\u5cf6\u6a19\u6e96\u6642\u9593", "HAST",
- "\u590f\u5a01\u5937-\u963f\u7559\u7533\u7fa4\u5cf6\u65e5\u5149\u7bc0\u7d04\u6642\u9593", "HADT",
- "\u590F\u5A01\u5937-\u963F\u7559\u7533\u6642\u9593", "HAT"};
String HKT[] = new String[] {"\u9999\u6e2f\u6642\u9593", "HKT",
"\u9999\u6e2f\u590f\u4ee4\u6642\u9593", "HKST",
"\u9999\u6E2F\u6642\u9593", "HKT"};
@@ -372,7 +369,7 @@
{"Africa/Tripoli", EET},
{"Africa/Tunis", CET},
{"Africa/Windhoek", WAT},
- {"America/Adak", HAST},
+ {"America/Adak", HST},
{"America/Anguilla", AST},
{"America/Antigua", AST},
{"America/Araguaina", BRT},
@@ -394,7 +391,7 @@
"\u5df4\u62c9\u572d\u590f\u4ee4\u6642\u9593", "PYST",
"\u5DF4\u62C9\u572D\u6642\u9593", "PYT"}},
{"America/Atikokan", EST},
- {"America/Atka", HAST},
+ {"America/Atka", HST},
{"America/Bahia", BRT},
{"America/Bahia_Banderas", CST},
{"America/Barbados", AST},
@@ -1026,7 +1023,7 @@
{"UCT", UTC},
{"Universal", UTC},
{"US/Alaska", AKST},
- {"US/Aleutian", HAST},
+ {"US/Aleutian", HST},
{"US/Arizona", MST},
{"US/Central", CST},
{"US/Eastern", EST},
--- ./jdk/src/share/lib/security/java.security-aix Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/lib/security/java.security-aix Tue Jun 02 13:49:09 2015 +0300
@@ -500,4 +500,61 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications. Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+# LegacyAlgorithms:
+# " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+# LegacyAlgorithm:
+# AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+# SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+# TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+# 2. JSSE key exchange algorithm name, e.g., RSA
+# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+# 4. JSSE message digest algorithm name, e.g., SHA
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+# jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+ K_NULL, C_NULL, M_NULL, \
+ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+ DH_RSA_EXPORT, RSA_EXPORT, \
+ DH_anon, ECDH_anon, \
+ RC4_128, RC4_40, DES_CBC, DES40_CBC
--- ./jdk/src/share/lib/security/java.security-linux Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/lib/security/java.security-linux Tue Jun 02 13:49:09 2015 +0300
@@ -500,4 +500,61 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications. Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+# LegacyAlgorithms:
+# " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+# LegacyAlgorithm:
+# AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+# SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+# TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+# 2. JSSE key exchange algorithm name, e.g., RSA
+# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+# 4. JSSE message digest algorithm name, e.g., SHA
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+# jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+ K_NULL, C_NULL, M_NULL, \
+ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+ DH_RSA_EXPORT, RSA_EXPORT, \
+ DH_anon, ECDH_anon, \
+ RC4_128, RC4_40, DES_CBC, DES40_CBC
--- ./jdk/src/share/lib/security/java.security-macosx Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/lib/security/java.security-macosx Tue Jun 02 13:49:09 2015 +0300
@@ -503,4 +503,61 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications. Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+# LegacyAlgorithms:
+# " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+# LegacyAlgorithm:
+# AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+# SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+# TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+# 2. JSSE key exchange algorithm name, e.g., RSA
+# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+# 4. JSSE message digest algorithm name, e.g., SHA
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+# jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+ K_NULL, C_NULL, M_NULL, \
+ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+ DH_RSA_EXPORT, RSA_EXPORT, \
+ DH_anon, ECDH_anon, \
+ RC4_128, RC4_40, DES_CBC, DES40_CBC
--- ./jdk/src/share/lib/security/java.security-solaris Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/lib/security/java.security-solaris Tue Jun 02 13:49:09 2015 +0300
@@ -502,4 +502,61 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications. Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+# LegacyAlgorithms:
+# " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+# LegacyAlgorithm:
+# AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+# SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+# TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+# 2. JSSE key exchange algorithm name, e.g., RSA
+# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+# 4. JSSE message digest algorithm name, e.g., SHA
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+# jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+ K_NULL, C_NULL, M_NULL, \
+ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+ DH_RSA_EXPORT, RSA_EXPORT, \
+ DH_anon, ECDH_anon, \
+ RC4_128, RC4_40, DES_CBC, DES40_CBC
--- ./jdk/src/share/lib/security/java.security-windows Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/lib/security/java.security-windows Tue Jun 02 13:49:09 2015 +0300
@@ -503,4 +503,61 @@
#
# Example:
# jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
-jdk.tls.disabledAlgorithms=SSLv3
+jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
+
+# Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
+# processing in JSSE implementation.
+#
+# In some environments, a certain algorithm may be undesirable but it
+# cannot be disabled because of its use in legacy applications. Legacy
+# algorithms may still be supported, but applications should not use them
+# as the security strength of legacy algorithms are usually not strong enough
+# in practice.
+#
+# During SSL/TLS security parameters negotiation, legacy algorithms will
+# not be negotiated unless there are no other candidates.
+#
+# The syntax of the disabled algorithm string is described as this Java
+# BNF-style:
+# LegacyAlgorithms:
+# " LegacyAlgorithm { , LegacyAlgorithm } "
+#
+# LegacyAlgorithm:
+# AlgorithmName (standard JSSE algorithm name)
+#
+# See the specification of security property "jdk.certpath.disabledAlgorithms"
+# for the syntax and description of the "AlgorithmName" notation.
+#
+# Per SSL/TLS specifications, cipher suites have the form:
+# SSL_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+# or
+# TLS_KeyExchangeAlg_WITH_CipherAlg_MacAlg
+#
+# For example, the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA uses RSA as the
+# key exchange algorithm, AES_128_CBC (128 bits AES cipher algorithm in CBC
+# mode) as the cipher (encryption) algorithm, and SHA-1 as the message digest
+# algorithm for HMAC.
+#
+# The LegacyAlgorithm can be one of the following standard algorithm names:
+# 1. JSSE cipher suite name, e.g., TLS_RSA_WITH_AES_128_CBC_SHA
+# 2. JSSE key exchange algorithm name, e.g., RSA
+# 3. JSSE cipher (encryption) algorithm name, e.g., AES_128_CBC
+# 4. JSSE message digest algorithm name, e.g., SHA
+#
+# See SSL/TLS specifications and "Java Cryptography Architecture Standard
+# Algorithm Name Documentation" for information about the algorithm names.
+#
+# Note: This property is currently used by Oracle's JSSE implementation.
+# It is not guaranteed to be examined and used by other implementations.
+# There is no guarantee the property will continue to exist or be of the
+# same syntax in future releases.
+#
+# Example:
+# jdk.tls.legacyAlgorithms=DH_anon, DES_CBC, SSL_RSA_WITH_RC4_128_MD5
+#
+jdk.tls.legacyAlgorithms= \
+ K_NULL, C_NULL, M_NULL, \
+ DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
+ DH_RSA_EXPORT, RSA_EXPORT, \
+ DH_anon, ECDH_anon, \
+ RC4_128, RC4_40, DES_CBC, DES40_CBC
--- ./jdk/src/share/native/sun/font/layout/AlternateSubstSubtables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/AlternateSubstSubtables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -53,6 +53,7 @@
Offset alternateSetTableOffset = SWAPW(alternateSetTableOffsetArray[coverageIndex]);
const LEReferenceTo alternateSetTable(base, success,
(const AlternateSetTable *) ((char *) this + alternateSetTableOffset));
+ if (!LE_SUCCESS(success)) return 0;
TTGlyphID alternate = SWAPW(alternateSetTable->alternateArray[0]);
if (filter == NULL || filter->accept(LE_SET_GLYPH(glyph, alternate), success)) {
--- ./jdk/src/share/native/sun/font/layout/AnchorTables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/AnchorTables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -44,21 +44,27 @@
case 1:
{
LEReferenceTo f1(base, success);
- f1->getAnchor(f1, fontInstance, anchor, success);
+ if (LE_SUCCESS(success)) {
+ f1->getAnchor(f1, fontInstance, anchor, success);
+ }
break;
}
case 2:
{
LEReferenceTo f2(base, success);
- f2->getAnchor(f2, glyphID, fontInstance, anchor, success);
+ if (LE_SUCCESS(success)) {
+ f2->getAnchor(f2, glyphID, fontInstance, anchor, success);
+ }
break;
}
case 3:
{
LEReferenceTo f3(base, success);
- f3->getAnchor(f3, fontInstance, anchor, success);
+ if (LE_SUCCESS(success)) {
+ f3->getAnchor(f3, fontInstance, anchor, success);
+ }
break;
}
@@ -66,7 +72,9 @@
{
// unknown format: just use x, y coordinate, like format 1...
LEReferenceTo f1(base, success);
- f1->getAnchor(f1, fontInstance, anchor, success);
+ if (LE_SUCCESS(success)) {
+ f1->getAnchor(f1, fontInstance, anchor, success);
+ }
break;
}
}
@@ -112,16 +120,18 @@
if (dtxOffset != 0) {
LEReferenceTo dt(base, success, dtxOffset);
- le_int16 adjx = dt->getAdjustment(dt, (le_int16) fontInstance->getXPixelsPerEm(), success);
-
- pixels.fX += adjx;
+ if (LE_SUCCESS(success)) {
+ le_int16 adjx = dt->getAdjustment(dt, (le_int16) fontInstance->getXPixelsPerEm(), success);
+ pixels.fX += adjx;
+ }
}
if (dtyOffset != 0) {
LEReferenceTo dt(base, success, dtyOffset);
- le_int16 adjy = dt->getAdjustment(dt, (le_int16) fontInstance->getYPixelsPerEm(), success);
-
- pixels.fY += adjy;
+ if (LE_SUCCESS(success)) {
+ le_int16 adjy = dt->getAdjustment(dt, (le_int16) fontInstance->getYPixelsPerEm(), success);
+ pixels.fY += adjy;
+ }
}
fontInstance->pixelsToUnits(pixels, anchor);
--- ./jdk/src/share/native/sun/font/layout/ContextualGlyphInsertionProc2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/ContextualGlyphInsertionProc2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -107,6 +107,10 @@
le_int16 markIndex = SWAPW(entry->markedInsertionListIndex);
if (markIndex > 0) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_int16 count = (flags & cgiMarkedInsertCountMask) >> 5;
le_bool isKashidaLike = (flags & cgiMarkedIsKashidaLike);
le_bool isBefore = (flags & cgiMarkInsertBefore);
@@ -115,6 +119,10 @@
le_int16 currIndex = SWAPW(entry->currentInsertionListIndex);
if (currIndex > 0) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_int16 count = flags & cgiCurrentInsertCountMask;
le_bool isKashidaLike = (flags & cgiCurrentIsKashidaLike);
le_bool isBefore = (flags & cgiCurrentInsertBefore);
--- ./jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -76,6 +76,10 @@
WordOffset currOffset = SWAPW(entry->currOffset);
if (markOffset != 0 && LE_SUCCESS(success)) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
LEGlyphID mGlyph = glyphStorage[markGlyph];
TTGlyphID newGlyph = SWAPW(int16Table.getObject(markOffset + LE_GET_GLYPH(mGlyph), success)); // whew.
@@ -83,6 +87,10 @@
}
if (currOffset != 0) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
LEGlyphID thisGlyph = glyphStorage[currGlyph];
TTGlyphID newGlyph = SWAPW(int16Table.getObject(currOffset + LE_GET_GLYPH(thisGlyph), success)); // whew.
--- ./jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/ContextualGlyphSubstProc2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -70,17 +70,25 @@
if(LE_FAILURE(success)) return 0;
le_uint16 newState = SWAPW(entry->newStateIndex);
le_uint16 flags = SWAPW(entry->flags);
- le_int16 markIndex = SWAPW(entry->markIndex);
- le_int16 currIndex = SWAPW(entry->currIndex);
+ le_uint16 markIndex = SWAPW(entry->markIndex);
+ le_uint16 currIndex = SWAPW(entry->currIndex);
- if (markIndex != -1) {
+ if (markIndex != 0x0FFFF) {
+ if (markGlyph < 0 || markGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_uint32 offset = SWAPL(perGlyphTable(markIndex, success));
LEGlyphID mGlyph = glyphStorage[markGlyph];
TTGlyphID newGlyph = lookup(offset, mGlyph, success);
glyphStorage[markGlyph] = LE_SET_GLYPH(mGlyph, newGlyph);
}
- if (currIndex != -1) {
+ if (currIndex != 0x0FFFF) {
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
le_uint32 offset = SWAPL(perGlyphTable(currIndex, success));
LEGlyphID thisGlyph = glyphStorage[currGlyph];
TTGlyphID newGlyph = lookup(offset, thisGlyph, success);
--- ./jdk/src/share/native/sun/font/layout/Features.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/Features.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -41,7 +41,7 @@
LEReferenceTo FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
{
LEReferenceToArrayOf
- featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
+ featureRecordArrayRef(base, success, featureRecordArray, featureIndex+1);
if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
return LEReferenceTo();
--- ./jdk/src/share/native/sun/font/layout/GXLayoutEngine.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/GXLayoutEngine.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -73,7 +73,7 @@
fMorphTable->process(fMorphTable, glyphStorage, success);
- return count;
+ return glyphStorage.getGlyphCount();
}
// apply positional tables
--- ./jdk/src/share/native/sun/font/layout/GXLayoutEngine2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/GXLayoutEngine2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -69,7 +69,7 @@
}
fMorphTable->process(fMorphTable, glyphStorage, fTypoFlags, success);
- return count;
+ return glyphStorage.getGlyphCount();
}
// apply positional tables
--- ./jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -70,6 +70,11 @@
ByteOffset newState = SWAPW(entry->newStateOffset);
IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
+
if (flags & irfMarkFirst) {
firstGlyph = currGlyph;
}
--- ./jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/IndicRearrangementProcessor2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -68,6 +68,11 @@
le_uint16 newState = SWAPW(entry->newStateIndex); // index to the new state
IndicRearrangementFlags flags = (IndicRearrangementFlags) SWAPW(entry->flags);
+ if (currGlyph < 0 || currGlyph >= glyphStorage.getGlyphCount()) {
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
+
if (flags & irfMarkFirst) {
firstGlyph = currGlyph;
}
--- ./jdk/src/share/native/sun/font/layout/LETableReference.h Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/LETableReference.h Tue Jun 02 13:49:09 2015 +0300
@@ -188,7 +188,7 @@
void addOffset(size_t offset, LEErrorCode &success) {
if(hasBounds()) {
- if(offset > fLength) {
+ if(offset >= fLength) {
LE_DEBUG_TR("addOffset off end");
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
return;
@@ -203,7 +203,7 @@
if(atPtr==NULL) return 0;
if(LE_FAILURE(success)) return LE_UINTPTR_MAX;
if((atPtr < fStart) ||
- (hasBounds() && (atPtr > fStart+fLength))) {
+ (hasBounds() && (atPtr >= fStart+fLength))) {
LE_DEBUG_TR3("ptrToOffset args out of range: %p", atPtr, 0);
success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
return LE_UINTPTR_MAX;
@@ -240,6 +240,18 @@
}
/**
+ * Throw an error if size*count overflows
+ */
+ size_t verifyLength(size_t offset, size_t size, le_uint32 count, LEErrorCode &success) {
+ if(count!=0 && size>LE_UINT32_MAX/count) {
+ LE_DEBUG_TR3("verifyLength failed size=%u, count=%u", size, count);
+ success = LE_INDEX_OUT_OF_BOUNDS_ERROR;
+ return 0;
+ }
+ return verifyLength(offset, size*count, success);
+ }
+
+ /**
* Change parent link to another
*/
LETableReference &reparent(const LETableReference &base) {
@@ -424,7 +436,7 @@
if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
fCount = getLength()/LETableVarSizer::getSize(); // fit to max size
}
- LETableReference::verifyLength(0, LETableVarSizer::getSize()*fCount, success);
+ LETableReference::verifyLength(0, LETableVarSizer::getSize(), fCount, success);
}
if(LE_FAILURE(success)) {
fCount=0;
@@ -439,7 +451,7 @@
if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
fCount = getLength()/LETableVarSizer::getSize(); // fit to max size
}
- LETableReference::verifyLength(0, LETableVarSizer::getSize()*fCount, success);
+ LETableReference::verifyLength(0, LETableVarSizer::getSize(), fCount, success);
}
if(LE_FAILURE(success)) clear();
}
@@ -450,7 +462,7 @@
if(fCount == LE_UNBOUNDED_ARRAY) { // not a known length
fCount = getLength()/LETableVarSizer::getSize(); // fit to max size
}
- LETableReference::verifyLength(0, LETableVarSizer::getSize()*fCount, success);
+ LETableReference::verifyLength(0, LETableVarSizer::getSize(), fCount, success);
}
if(LE_FAILURE(success)) clear();
}
--- ./jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/LigatureSubstProc.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -73,7 +73,7 @@
const LigatureSubstitutionStateEntry *entry = entryTable.getAlias(index, success);
ByteOffset newState = SWAPW(entry->newStateOffset);
- le_int16 flags = SWAPW(entry->flags);
+ le_uint16 flags = SWAPW(entry->flags);
if (flags & lsfSetComponent) {
if (++m >= nComponents) {
@@ -92,15 +92,18 @@
if (actionOffset != 0) {
LEReferenceTo ap(stHeader, success, actionOffset);
LigatureActionEntry action;
- le_int32 offset, i = 0;
+ le_int32 offset, i = 0, j = 0;
le_int32 stack[nComponents];
le_int16 mm = -1;
do {
le_uint32 componentGlyph = componentStack[m--];
+ if (j++ > 0) {
+ ap.addObject(success);
+ }
+
action = SWAPL(*ap.getAlias());
- ap.addObject(success); // ap++
if (m < 0) {
m = nComponents - 1;
--- ./jdk/src/share/native/sun/font/layout/LigatureSubstProc2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/LigatureSubstProc2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -98,7 +98,7 @@
ap.addObject(ligActionIndex, success);
LEReferenceToArrayOf ligatureTable(stHeader, success, ligatureOffset, LE_UNBOUNDED_ARRAY);
LigatureActionEntry action;
- le_int32 offset, i = 0;
+ le_int32 offset, i = 0, j = 0;
le_int32 stack[nComponents];
le_int16 mm = -1;
@@ -111,6 +111,10 @@
do {
le_uint32 componentGlyph = componentStack[m--]; // pop off
+ if (j++ > 0) {
+ ap.addObject(success);
+ }
+
action = SWAPL(*ap.getAlias());
if (m < 0) {
@@ -144,7 +148,6 @@
LE_DEBUG_BAD_FONT("m<0")
}
#endif
- ap.addObject(success);
} while (LE_SUCCESS(success) && !(action & lafLast) && (m>=0) ); // stop if last bit is set, or if run out of items
while (mm >= 0) {
--- ./jdk/src/share/native/sun/font/layout/MarkToBasePosnSubtables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/MarkToBasePosnSubtables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -97,13 +97,9 @@
if( LE_FAILURE(success) ) { return 0; }
Offset anchorTableOffset = SWAPW(baseRecord->baseAnchorTableOffsetArray[markClass]);
- if (anchorTableOffset <= 0) {
- // this means the table is mal-formed...
- glyphIterator->setCurrGlyphBaseOffset(baseIterator.getCurrStreamPosition());
- return 0;
- }
+ LEReferenceTo anchorTable(baseArray, success, anchorTableOffset);
+ if( LE_FAILURE(success) ) { return 0; }
- LEReferenceTo anchorTable(baseArray, success, anchorTableOffset);
LEPoint baseAnchor, markAdvance, pixels;
--- ./jdk/src/share/native/sun/font/layout/MorphTables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/MorphTables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -52,8 +52,15 @@
le_uint32 chain;
for (chain = 0; LE_SUCCESS(success) && (chain < chainCount); chain += 1) {
+ if (chain > 0) {
+ le_uint32 chainLength = SWAPL(chainHeader->chainLength);
+ if (chainLength & 0x03) { // incorrect alignment for 32 bit tables
+ success = LE_MEMORY_ALLOCATION_ERROR; // as good a choice as any
+ return;
+ }
+ chainHeader.addOffset(chainLength, success);
+ }
FeatureFlags defaultFlags = SWAPL(chainHeader->defaultFlags);
- le_uint32 chainLength = SWAPL(chainHeader->chainLength);
le_int16 nFeatureEntries = SWAPW(chainHeader->nFeatureEntries);
le_int16 nSubtables = SWAPW(chainHeader->nSubtables);
LEReferenceTo subtableHeader =
@@ -61,7 +68,14 @@
le_int16 subtable;
for (subtable = 0; LE_SUCCESS(success) && (subtable < nSubtables); subtable += 1) {
- le_int16 length = SWAPW(subtableHeader->length);
+ if (subtable > 0) {
+ le_int16 length = SWAPW(subtableHeader->length);
+ if (length & 0x03) { // incorrect alignment for 32 bit tables
+ success = LE_MEMORY_ALLOCATION_ERROR; // as good a choice as any
+ return;
+ }
+ subtableHeader.addOffset(length, success);
+ }
SubtableCoverage coverage = SWAPW(subtableHeader->coverage);
FeatureFlags subtableFeatures = SWAPL(subtableHeader->subtableFeatures);
@@ -69,10 +83,7 @@
if ((coverage & scfVertical) == 0 && (subtableFeatures & defaultFlags) != 0 && LE_SUCCESS(success)) {
subtableHeader->process(subtableHeader, glyphStorage, success);
}
-
- subtableHeader.addOffset(length, success);
}
- chainHeader.addOffset(chainLength, success);
}
}
--- ./jdk/src/share/native/sun/font/layout/MorphTables2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/MorphTables2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -59,6 +59,10 @@
for (chain = 0; LE_SUCCESS(success) && (chain < chainCount); chain++) {
if (chain>0) {
le_uint32 chainLength = SWAPL(chainHeader->chainLength);
+ if (chainLength & 0x03) { // incorrect alignment for 32 bit tables
+ success = LE_MEMORY_ALLOCATION_ERROR; // as good a choice as any
+ return;
+ }
chainHeader.addOffset(chainLength, success); // Don't increment the first time
}
FeatureFlags flag = SWAPL(chainHeader->defaultFlags);
@@ -188,6 +192,10 @@
for (subtable = 0; LE_SUCCESS(success) && subtable < nSubtables; subtable++) {
if(subtable>0) {
le_uint32 length = SWAPL(subtableHeader->length);
+ if (length & 0x03) { // incorrect alignment for 32 bit tables
+ success = LE_MEMORY_ALLOCATION_ERROR; // as good a choice as any
+ return;
+ }
subtableHeader.addOffset(length, success); // Don't addOffset for the last entry.
}
le_uint32 coverage = SWAPL(subtableHeader->coverage);
--- ./jdk/src/share/native/sun/font/layout/PairPositioningSubtables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/PairPositioningSubtables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -179,12 +179,13 @@
LEReferenceTo record(records);
for(le_int32 r = 0; r < recordCount; r += 1) {
+ if (r > 0) {
+ record.addOffset(recordSize, success);
+ }
if(LE_FAILURE(success)) return LEReferenceTo();
if (SWAPW(record->secondGlyph) == glyphID) {
return record;
}
-
- record.addOffset(recordSize, success);
}
#else
#error dead code - not updated.
--- ./jdk/src/share/native/sun/font/layout/SingleSubstitutionSubtables.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/SingleSubstitutionSubtables.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -94,7 +94,9 @@
return 0;
}
- if (coverageIndex >= 0) {
+ LEReferenceToArrayOf substituteArrayRef(base, success, substituteArray, SWAPW(glyphCount));
+
+ if (coverageIndex >= 0 && LE_SUCCESS(success) && coverageIndex < substituteArrayRef.getCount()) {
TTGlyphID substitute = SWAPW(substituteArray[coverageIndex]);
if (filter == NULL || filter->accept(LE_SET_GLYPH(glyph, substitute), success)) {
--- ./jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/StateTableProcessor.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -85,6 +85,7 @@
if (currGlyph == glyphCount) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
--- ./jdk/src/share/native/sun/font/layout/StateTableProcessor2.cpp Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/StateTableProcessor2.cpp Tue Jun 02 13:49:09 2015 +0300
@@ -103,6 +103,7 @@
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
LEGlyphID gid = glyphStorage[currGlyph];
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
@@ -134,6 +135,7 @@
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
LEGlyphID gid = glyphStorage[currGlyph];
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(gid);
@@ -171,6 +173,7 @@
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else if(currGlyph > glyphCount) {
// note if > glyphCount, we've run off the end (bad font)
currGlyph = glyphCount;
@@ -211,6 +214,7 @@
if (currGlyph == glyphCount || currGlyph == -1) {
// XXX: How do we handle EOT vs. EOL?
classCode = classCodeEOT;
+ break;
} else {
TTGlyphID glyphCode = (TTGlyphID) LE_GET_GLYPH(glyphStorage[currGlyph]);
if (glyphCode == 0xFFFF) {
--- ./jdk/src/share/native/sun/font/layout/StateTables.h Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/font/layout/StateTables.h Tue Jun 02 13:49:09 2015 +0300
@@ -126,7 +126,7 @@
struct StateEntry
{
ByteOffset newStateOffset;
- le_int16 flags;
+ le_uint16 flags;
};
typedef le_uint16 EntryTableIndex2;
--- ./jdk/src/share/native/sun/security/ec/impl/ec.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/ec.c Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@@ -34,6 +34,7 @@
* Dr Vipul Gupta and
* Douglas Stebila , Sun Microsystems Laboratories
*
+ * Last Modified Date from the Original Code: April 2015
*********************************************************************** */
#include "mplogic.h"
@@ -585,6 +586,10 @@
return SECFailure;
}
+ if (EC_ValidatePublicKey(ecParams, publicValue, kmflag) != SECSuccess) {
+ return SECFailure;
+ }
+
memset(derivedSecret, 0, sizeof *derivedSecret);
len = (ecParams->fieldID.size + 7) >> 3;
pointQ.len = 2*len + 1;
--- ./jdk/src/share/native/sun/security/ec/impl/ecc_impl.h Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/ecc_impl.h Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2013, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@@ -34,6 +34,7 @@
* Dr Vipul Gupta and
* Douglas Stebila , Sun Microsystems Laboratories
*
+ * Last Modified Date from the Original Code: November 2013
*********************************************************************** */
#ifndef _ECC_IMPL_H
--- ./jdk/src/share/native/sun/security/ec/impl/ecdecode.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/ecdecode.c Tue Jun 02 13:49:09 2015 +0300
@@ -34,6 +34,7 @@
* Dr Vipul Gupta and
* Douglas Stebila , Sun Microsystems Laboratories
*
+ * Last Modified Date from the Original Code: March 2012
*********************************************************************** */
#include
--- ./jdk/src/share/native/sun/security/ec/impl/mpi.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/mpi.c Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2007, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
* Use is subject to license terms.
*
* This library is free software; you can redistribute it and/or
@@ -34,6 +34,7 @@
* Netscape Communications Corporation
* Douglas Stebila of Sun Laboratories.
*
+ * Last Modified Date from the Original Code: June 2014
*********************************************************************** */
/* Arbitrary precision integer arithmetic library */
--- ./jdk/src/share/native/sun/security/ec/impl/oid.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/oid.c Tue Jun 02 13:49:09 2015 +0300
@@ -33,6 +33,7 @@
* Contributor(s):
* Dr Vipul Gupta , Sun Microsystems Laboratories
*
+ * Last Modified Date from the Original Code: March 2012
*********************************************************************** */
#include
--- ./jdk/src/share/native/sun/security/ec/impl/secitem.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/share/native/sun/security/ec/impl/secitem.c Tue Jun 02 13:49:09 2015 +0300
@@ -32,6 +32,7 @@
*
* Contributor(s):
*
+ * Last Modified Date from the Original Code: March 2012
*********************************************************************** */
/*
--- ./jdk/src/solaris/bin/java_md_solinux.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/solaris/bin/java_md_solinux.c Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -613,13 +613,14 @@
/* runpath contains current effective LD_LIBRARY_PATH setting */
jvmpath = JLI_StringDup(jvmpath);
- new_runpath = JLI_MemAlloc(((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
+ size_t new_runpath_size = ((runpath != NULL) ? JLI_StrLen(runpath) : 0) +
2 * JLI_StrLen(jrepath) + 2 * JLI_StrLen(arch) +
#ifdef AIX
/* On AIX we additionally need 'jli' in the path because ld doesn't support $ORIGIN. */
JLI_StrLen(jrepath) + JLI_StrLen(arch) + JLI_StrLen("/lib//jli:") +
#endif
- JLI_StrLen(jvmpath) + 52);
+ JLI_StrLen(jvmpath) + 52;
+ new_runpath = JLI_MemAlloc(new_runpath_size);
newpath = new_runpath + JLI_StrLen(LD_LIBRARY_PATH "=");
@@ -679,6 +680,11 @@
* loop of execv() because we test for the prefix, above.
*/
if (runpath != 0) {
+ /* ensure storage for runpath + colon + NULL */
+ if ((JLI_StrLen(runpath) + 1 + 1) > new_runpath_size) {
+ JLI_ReportErrorMessageSys(JRE_ERROR11);
+ exit(1);
+ }
JLI_StrCat(new_runpath, ":");
JLI_StrCat(new_runpath, runpath);
}
@@ -811,7 +817,11 @@
JLI_TraceLauncher("JRE path is %s\n", path);
return JNI_TRUE;
}
-
+ /* ensure storage for path + /jre + NULL */
+ if ((JLI_StrLen(path) + 4 + 1) > pathsize) {
+ JLI_TraceLauncher("Insufficient space to store JRE path\n");
+ return JNI_FALSE;
+ }
/* Does the app ship a private JRE in /jre directory? */
JLI_Snprintf(libjava, sizeof(libjava), "%s/jre/lib/%s/" JAVA_DLL, path, arch);
if (access(libjava, F_OK) == 0) {
--- ./jdk/src/solaris/native/java/net/net_util_md.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/solaris/native/java/net/net_util_md.c Tue Jun 02 13:49:09 2015 +0300
@@ -1521,6 +1521,7 @@
int exclbind = -1;
#endif
int rv;
+ int arg, alen;
#ifdef __linux__
/*
@@ -1537,7 +1538,7 @@
}
#endif
-#if defined(__solaris__) && defined(AF_INET6)
+#if defined(__solaris__)
/*
* Solaris has separate IPv4 and IPv6 port spaces so we
* use an exclusive bind when SO_REUSEADDR is not used to
@@ -1547,35 +1548,31 @@
* results in a late bind that fails because the
* corresponding IPv4 port is in use.
*/
- if (ipv6_available()) {
- int arg, len;
+ alen = sizeof(arg);
+ if (useExclBind || getsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
+ (char *)&arg, &alen) == 0) {
+ if (useExclBind || arg == 0) {
+ /*
+ * SO_REUSEADDR is disabled or sun.net.useExclusiveBind
+ * property is true so enable TCP_EXCLBIND or
+ * UDP_EXCLBIND
+ */
+ alen = sizeof(arg);
+ if (getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&arg,
+ &alen) == 0) {
+ if (arg == SOCK_STREAM) {
+ level = IPPROTO_TCP;
+ exclbind = TCP_EXCLBIND;
+ } else {
+ level = IPPROTO_UDP;
+ exclbind = UDP_EXCLBIND;
+ }
+ }
- len = sizeof(arg);
- if (useExclBind || getsockopt(fd, SOL_SOCKET, SO_REUSEADDR,
- (char *)&arg, &len) == 0) {
- if (useExclBind || arg == 0) {
- /*
- * SO_REUSEADDR is disabled or sun.net.useExclusiveBind
- * property is true so enable TCP_EXCLBIND or
- * UDP_EXCLBIND
- */
- len = sizeof(arg);
- if (getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&arg,
- &len) == 0) {
- if (arg == SOCK_STREAM) {
- level = IPPROTO_TCP;
- exclbind = TCP_EXCLBIND;
- } else {
- level = IPPROTO_UDP;
- exclbind = UDP_EXCLBIND;
- }
- }
-
- arg = 1;
- setsockopt(fd, level, exclbind, (char *)&arg,
- sizeof(arg));
+ arg = 1;
+ setsockopt(fd, level, exclbind, (char *)&arg,
+ sizeof(arg));
}
- }
}
#endif
--- ./jdk/src/windows/bin/java_md.c Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/src/windows/bin/java_md.c Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -318,7 +318,11 @@
JLI_TraceLauncher("JRE path is %s\n", path);
return JNI_TRUE;
}
-
+ /* ensure storage for path + \jre + NULL */
+ if ((JLI_StrLen(path) + 4 + 1) > pathsize) {
+ JLI_TraceLauncher("Insufficient space to store JRE path\n");
+ return JNI_FALSE;
+ }
/* Does this app ship a private JRE in \jre directory? */
JLI_Snprintf(javadll, sizeof (javadll), "%s\\jre\\bin\\" JAVA_DLL, path);
if (stat(javadll, &s) == 0) {
--- ./jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java Tue Jun 02 13:49:09 2015 +0300
@@ -26,6 +26,7 @@
* @bug 4406033
* @summary ConfigFile throws an inconsistent error message
* when the configuration file is not found
+ * @run main/othervm -Duser.language=en InconsistentError
*/
import com.sun.security.auth.login.*;
--- ./jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -25,6 +25,7 @@
* @test
* @bug 4919147
* @summary Support for token-based KeyStores
+ * @run main/othervm -Duser.language=en OptionTest
*/
import java.io.File;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/java/awt/Frame/MaximizedNormalBoundsUndecoratedTest/MaximizedNormalBoundsUndecoratedTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2007, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.awt.Frame;
+import java.awt.Toolkit;
+import java.awt.Dimension;
+/*
+ * @test
+ * @bug 8066436
+ * @summary Set the size of frame. Set extendedState Frame.MAXIMIZED_BOTH and Frame.NORMAL
+ * sequentially for undecorated Frame and .
+ * Check if resulted size is equal to original frame size.
+ * @run main MaximizedNormalBoundsUndecoratedTest
+ */
+
+
+public class MaximizedNormalBoundsUndecoratedTest {
+ private Frame frame;
+ public static void main(String args[]) {
+ if (!Toolkit.getDefaultToolkit().isFrameStateSupported(Frame.MAXIMIZED_BOTH)
+ && !Toolkit.getDefaultToolkit().isFrameStateSupported(Frame.NORMAL)) {
+ return;
+ }
+ MaximizedNormalBoundsUndecoratedTest test = new MaximizedNormalBoundsUndecoratedTest();
+ boolean doPass = true;
+ if( !test.doTest() ) {
+ System.out.println("Maximizing frame not saving correct normal bounds");
+ doPass = false;
+ }
+
+ if(!doPass) {
+ throw new RuntimeException("Maximizing frame not saving correct normal bounds");
+ }
+ }
+
+ boolean doTest() {
+ Dimension beforeMaximizeCalled = new Dimension(300,300);
+
+ frame = new Frame("Test Frame");
+ frame.setUndecorated(true);
+ frame.setFocusable(true);
+ frame.setSize(beforeMaximizeCalled);
+ frame.setVisible(true);
+ frame.setExtendedState(Frame.MAXIMIZED_BOTH);
+ frame.setExtendedState(Frame.NORMAL);
+
+ Dimension afterMaximizedCalled= frame.getBounds().getSize();
+
+ frame.dispose();
+
+ if (beforeMaximizeCalled.equals(afterMaximizedCalled)) {
+ return true;
+ }
+ return false;
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/java/awt/datatransfer/ClipboardInterVMTest/ClipboardInterVMTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,171 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ @test
+ @bug 8071668
+ @summary Check whether clipboard see changes from external process after taking ownership
+ @author Anton Nashatyrev: area=datatransfer
+ @library /lib/testlibrary
+ @build jdk.testlibrary.Utils
+ @run main ClipboardInterVMTest
+*/
+
+import jdk.testlibrary.Utils;
+
+import java.awt.*;
+import java.awt.datatransfer.*;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.IOException;
+import java.io.Reader;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+public class ClipboardInterVMTest {
+
+ static CountDownLatch lostOwnershipMonitor = new CountDownLatch(1);
+ static CountDownLatch flavorChangedMonitor = new CountDownLatch(1);
+ static Process process;
+
+ public static void main(String[] args) throws Throwable {
+ Clipboard clip = Toolkit.getDefaultToolkit().getSystemClipboard();
+
+ if (args.length > 0) {
+ System.out.println("Changing clip...");
+ clip.setContents(new StringSelection("pong"), null);
+ System.out.println("done");
+ // keeping this process running for a while since on Mac the clipboard
+ // will be invalidated via NSApplicationDidBecomeActiveNotification
+ // callback in the main process after this child process finishes
+ Thread.sleep(60 * 1000);
+ return;
+ };
+
+
+ clip.setContents(new CustomSelection(), new ClipboardOwner() {
+ @Override
+ public void lostOwnership(Clipboard clipboard, Transferable contents) {
+ System.out.println("ClipboardInterVMTest.lostOwnership");
+ lostOwnershipMonitor.countDown();
+ }
+ });
+
+ clip.addFlavorListener(new FlavorListener() {
+ @Override
+ public void flavorsChanged(FlavorEvent e) {
+ System.out.println("ClipboardInterVMTest.flavorsChanged");
+ flavorChangedMonitor.countDown();
+ }
+ });
+
+ System.out.println("Starting external clipborad modifier...");
+ new Thread(() -> runTest(ClipboardInterVMTest.class.getCanonicalName(), "pong")).start();
+
+ String content = "";
+ long startTime = System.currentTimeMillis();
+ while (System.currentTimeMillis() - startTime < 30 * 1000) {
+ Transferable c = clip.getContents(null);
+ if (c.isDataFlavorSupported(DataFlavor.plainTextFlavor)) {
+ Reader reader = DataFlavor.plainTextFlavor.getReaderForText(c);
+ content = new BufferedReader(reader).readLine();
+ System.out.println(content);
+ if (content.equals("pong")) {
+ break;
+ }
+ }
+ Thread.sleep(200);
+ }
+
+ if (!lostOwnershipMonitor.await(10, TimeUnit.SECONDS)) {
+ throw new RuntimeException("No LostOwnership event received.");
+ };
+
+ if (!flavorChangedMonitor.await(10, TimeUnit.SECONDS)) {
+ throw new RuntimeException("No LostOwnership event received.");
+ };
+
+ if (!content.equals("pong")) {
+ throw new RuntimeException("Content was not passed.");
+ }
+
+ process.destroy();
+
+ System.out.println("Passed.");
+ }
+
+ private static void runTest(String main, String... args) {
+
+ try {
+ List opts = new ArrayList<>();
+ opts.add(getJavaExe());
+ opts.addAll(Arrays.asList(Utils.getTestJavaOpts()));
+ opts.add("-cp");
+ opts.add(System.getProperty("test.class.path", System.getProperty("java.class.path")));
+
+ opts.add(main);
+ opts.addAll(Arrays.asList(args));
+
+ ProcessBuilder pb = new ProcessBuilder(opts.toArray(new String[0]));
+ process = pb.start();
+ } catch (Throwable throwable) {
+ throw new RuntimeException(throwable);
+ }
+ }
+
+ private static String getJavaExe() throws IOException {
+ File p = new File(System.getProperty("java.home"), "bin");
+ File j = new File(p, "java");
+ if (!j.canRead()) {
+ j = new File(p, "java.exe");
+ }
+ if (!j.canRead()) {
+ throw new RuntimeException("Can't find java executable in " + p);
+ }
+ return j.getCanonicalPath();
+ }
+
+ static class CustomSelection implements Transferable {
+ private static final DataFlavor[] flavors = { DataFlavor.allHtmlFlavor };
+
+ public DataFlavor[] getTransferDataFlavors() {
+ return flavors;
+ }
+
+ public boolean isDataFlavorSupported(DataFlavor flavor) {
+ return flavors[0].equals(flavor);
+ }
+
+ public Object getTransferData(DataFlavor flavor)
+ throws UnsupportedFlavorException, java.io.IOException {
+ if (isDataFlavorSupported(flavor)) {
+ return "ping";
+ } else {
+ throw new UnsupportedFlavorException(flavor);
+ }
+ }
+ }
+}
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/java/awt/event/KeyEvent/AltCharAcceleratorTest/AltCharAcceleratorTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,136 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+@test
+@bug 8068283
+@summary Checks that +Char accelerators work when pressed in a text component
+@author Anton Nashatyrev
+@run main AltCharAcceleratorTest
+*/
+
+import sun.awt.SunToolkit;
+
+import javax.swing.*;
+import java.awt.*;
+import java.awt.event.*;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+public class AltCharAcceleratorTest {
+
+ boolean action1 = false;
+ boolean action2 = false;
+
+ CountDownLatch focusLatch = new CountDownLatch(1);
+ CountDownLatch actionLatch = new CountDownLatch(2);
+
+ public AltCharAcceleratorTest() throws Exception {
+ SwingUtilities.invokeAndWait(new Runnable() {
+ @Override
+ public void run() {
+ JFrame f = new JFrame("frame");
+ final JTextField t = new JTextField();
+ JMenuBar mb = new JMenuBar();
+ JMenu m1 = new JMenu("File");
+ JMenuItem i1 = new JMenuItem("Save");
+ JMenuItem i2 = new JMenuItem("Load");
+
+ i1.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_T, KeyEvent.ALT_MASK));
+ i2.setAccelerator(KeyStroke.getKeyStroke(KeyEvent.VK_F, KeyEvent.ALT_MASK));
+
+ i1.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent e) {
+ System.out.println("Action1!");
+ action1 = true;
+ actionLatch.countDown();
+ }
+ });
+
+ i2.addActionListener(new ActionListener() {
+ @Override
+ public void actionPerformed(ActionEvent e) {
+ System.out.println("Action2!");
+ action2 = true;
+ actionLatch.countDown();
+ }
+ });
+
+ t.addFocusListener(new FocusAdapter() {
+ @Override
+ public void focusGained(FocusEvent e) {
+ System.out.println("Focused!");
+ focusLatch.countDown();
+ }
+ });
+
+ t.setColumns(10);
+ t.requestFocusInWindow();
+
+ f.setJMenuBar(mb);
+ mb.add(m1);
+ m1.add(i1);
+ m1.add(i2);
+
+ f.setLayout(new FlowLayout());
+ f.add(t);
+ f.setSize(200, 200);
+
+ f.setVisible(true);
+ }
+ });
+ }
+
+ void test() throws Exception {
+ ((SunToolkit) Toolkit.getDefaultToolkit()).realSync();
+
+ focusLatch.await(5, TimeUnit.SECONDS);
+
+ Robot robot = new Robot();
+ robot.setAutoDelay(100);
+
+ robot.keyPress(KeyEvent.VK_ALT);
+ robot.keyPress(KeyEvent.VK_T);
+ robot.keyRelease(KeyEvent.VK_T);
+ robot.keyRelease(KeyEvent.VK_ALT);
+
+ robot.keyPress(KeyEvent.VK_ALT);
+ robot.keyPress(KeyEvent.VK_F);
+ robot.keyRelease(KeyEvent.VK_F);
+ robot.keyRelease(KeyEvent.VK_ALT);
+
+ actionLatch.await(5, TimeUnit.SECONDS);
+
+ if (!action1 || !action2) {
+ throw new RuntimeException("Actions not performed");
+ }
+
+ System.out.println("Passed.");
+ }
+
+ public static void main(String[] args) throws Exception {
+ AltCharAcceleratorTest t = new AltCharAcceleratorTest();
+ t.test();
+ }
+}
\ No newline at end of file
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/javax/crypto/Cipher/CipherInputStreamExceptions.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,415 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8064546
+ * @summary Throw exceptions during reading but not closing of a
+ * CipherInputStream:
+ * - Make sure authenticated algorithms continue to throwing exceptions
+ * when the authentication tag fails verification.
+ * - Make sure other algorithms do not throw exceptions when the stream
+ * calls close() and only throw when read() errors.
+ */
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.lang.Exception;
+import java.lang.RuntimeException;
+import java.lang.Throwable;
+import java.security.AlgorithmParameters;
+import javax.crypto.AEADBadTagException;
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.GCMParameterSpec;
+
+public class CipherInputStreamExceptions {
+
+ static SecretKeySpec key = new SecretKeySpec(new byte[16], "AES");
+ static GCMParameterSpec gcmspec = new GCMParameterSpec(128, new byte[16]);
+ static IvParameterSpec iv = new IvParameterSpec(new byte[16]);
+ static boolean failure = false;
+
+ /* Full read stream, check that getMoreData() is throwing an exception
+ * This test
+ * 1) Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ * 2) Changes the last byte to invalidate the authetication tag.
+ * 3) Fully reads CipherInputStream to decrypt the message and closes
+ */
+
+ static void gcm_AEADBadTag() throws Exception {
+ Cipher c;
+ byte[] read = new byte[200];
+
+ System.out.println("Running gcm_AEADBadTag");
+
+ // Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ byte[] ct = encryptedText("GCM", 100);
+ // Corrupt the encrypted message
+ ct = corruptGCM(ct);
+ // Create stream for decryption
+ CipherInputStream in = getStream("GCM", ct);
+
+ try {
+ int size = in.read(read);
+ throw new RuntimeException("Fail: CipherInputStream.read() " +
+ "returned " + size + " and didn't throw an exception.");
+ } catch (IOException e) {
+ Throwable ec = e.getCause();
+ if (ec instanceof AEADBadTagException) {
+ System.out.println(" Pass.");
+ } else {
+ System.out.println(" Fail: " + ec.getMessage());
+ throw new RuntimeException(ec);
+ }
+ } finally {
+ in.close();
+ }
+ }
+
+ /* Short read stream,
+ * This test
+ * 1) Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ * 2) Reads 100 bytes from stream to decrypt the message and closes
+ * 3) Make sure no value is returned by read()
+ * 4) Make sure no exception is thrown
+ */
+
+ static void gcm_shortReadAEAD() throws Exception {
+ Cipher c;
+ byte[] read = new byte[100];
+
+ System.out.println("Running gcm_shortReadAEAD");
+
+ byte[] pt = new byte[600];
+ pt[0] = 1;
+ // Encrypt provided 600 bytes with AES/GCM/PKCS5Padding
+ byte[] ct = encryptedText("GCM", pt);
+ // Create stream for decryption
+ CipherInputStream in = getStream("GCM", ct);
+
+ int size = 0;
+ try {
+ size = in.read(read);
+ in.close();
+ if (read.length != 100) {
+ throw new RuntimeException("Fail: read size = " + read.length +
+ "should be 100.");
+ }
+ if (read[0] != 1) {
+ throw new RuntimeException("Fail: The decrypted text does " +
+ "not match the plaintext: '" + read[0] +"'");
+ }
+ } catch (IOException e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ System.out.println(" Pass.");
+ }
+
+ /*
+ * Verify doFinal() exception is suppressed when input stream is not
+ * read before it is closed.
+ * This test:
+ * 1) Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ * 2) Changes the last byte to invalidate the authetication tag.
+ * 3) Opens a CipherInputStream and the closes it. Never reads from it.
+ *
+ * There should be no exception thrown.
+ */
+ static void gcm_suppressUnreadCorrupt() throws Exception {
+ Cipher c;
+ byte[] read = new byte[200];
+
+ System.out.println("Running supressUnreadCorrupt test");
+
+ // Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ byte[] ct = encryptedText("GCM", 100);
+ // Corrupt the encrypted message
+ ct = corruptGCM(ct);
+ // Create stream for decryption
+ CipherInputStream in = getStream("GCM", ct);
+
+ try {
+ in.close();
+ System.out.println(" Pass.");
+ } catch (IOException e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ }
+
+ /*
+ * Verify noexception thrown when 1 byte is read from a GCM stream
+ * and then closed
+ * This test:
+ * 1) Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ * 2) Read one byte from the stream, expect no exception thrown.
+ * 4) Close stream,expect no exception thrown.
+ */
+ static void gcm_oneReadByte() throws Exception {
+
+ System.out.println("Running gcm_oneReadByte test");
+
+ // Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ byte[] ct = encryptedText("GCM", 100);
+ // Create stream for decryption
+ CipherInputStream in = getStream("GCM", ct);
+
+ try {
+ in.read();
+ System.out.println(" Pass.");
+ } catch (Exception e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ }
+
+ /*
+ * Verify exception thrown when 1 byte is read from a corrupted GCM stream
+ * and then closed
+ * This test:
+ * 1) Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ * 2) Changes the last byte to invalidate the authetication tag.
+ * 3) Read one byte from the stream, expect exception thrown.
+ * 4) Close stream,expect no exception thrown.
+ */
+ static void gcm_oneReadByteCorrupt() throws Exception {
+
+ System.out.println("Running gcm_oneReadByteCorrupt test");
+
+ // Encrypt 100 bytes with AES/GCM/PKCS5Padding
+ byte[] ct = encryptedText("GCM", 100);
+ // Corrupt the encrypted message
+ ct = corruptGCM(ct);
+ // Create stream for decryption
+ CipherInputStream in = getStream("GCM", ct);
+
+ try {
+ in.read();
+ System.out.println(" Fail. No exception thrown.");
+ } catch (IOException e) {
+ Throwable ec = e.getCause();
+ if (ec instanceof AEADBadTagException) {
+ System.out.println(" Pass.");
+ } else {
+ System.out.println(" Fail: " + ec.getMessage());
+ throw new RuntimeException(ec);
+ }
+ }
+ }
+
+ /* Check that close() does not throw an exception with full message in
+ * CipherInputStream's ibuffer.
+ * This test:
+ * 1) Encrypts a 97 byte message with AES/CBC/PKCS5Padding
+ * 2) Create a stream that sends 96 bytes.
+ * 3) Read stream once,
+ * 4) Close and expect no exception
+ */
+
+ static void cbc_shortStream() throws Exception {
+ Cipher c;
+ AlgorithmParameters params;
+ byte[] read = new byte[200];
+
+ System.out.println("Running cbc_shortStream");
+
+ // Encrypt 97 byte with AES/CBC/PKCS5Padding
+ byte[] ct = encryptedText("CBC", 97);
+ // Create stream with only 96 bytes of encrypted data
+ CipherInputStream in = getStream("CBC", ct, 96);
+
+ try {
+ int size = in.read(read);
+ in.close();
+ if (size != 80) {
+ throw new RuntimeException("Fail: CipherInputStream.read() " +
+ "returned " + size + ". Should have been 80");
+ }
+ System.out.println(" Pass.");
+ } catch (IOException e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ }
+
+ /* Check that close() does not throw an exception when the whole message is
+ * inside the internal buffer (ibuffer) in CipherInputStream and we read
+ * one byte and close the stream.
+ * This test:
+ * 1) Encrypts a 400 byte message with AES/CBC/PKCS5Padding
+ * 2) Read one byte from the stream
+ * 3) Close and expect no exception
+ */
+
+ static void cbc_shortRead400() throws Exception {
+ System.out.println("Running cbc_shortRead400");
+
+ // Encrypt 400 byte with AES/CBC/PKCS5Padding
+ byte[] ct = encryptedText("CBC", 400);
+ // Create stream with encrypted data
+ CipherInputStream in = getStream("CBC", ct);
+
+ try {
+ in.read();
+ in.close();
+ System.out.println(" Pass.");
+ } catch (IOException e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ }
+
+ /* Check that close() does not throw an exception when the inside the
+ * internal buffer (ibuffer) in CipherInputStream does not contain the
+ * whole message.
+ * This test:
+ * 1) Encrypts a 600 byte message with AES/CBC/PKCS5Padding
+ * 2) Read one byte from the stream
+ * 3) Close and expect no exception
+ */
+
+ static void cbc_shortRead600() throws Exception {
+ System.out.println("Running cbc_shortRead600");
+
+ // Encrypt 600 byte with AES/CBC/PKCS5Padding
+ byte[] ct = encryptedText("CBC", 600);
+ // Create stream with encrypted data
+ CipherInputStream in = getStream("CBC", ct);
+
+ try {
+ in.read();
+ in.close();
+ System.out.println(" Pass.");
+ } catch (IOException e) {
+ System.out.println(" Fail: " + e.getMessage());
+ throw new RuntimeException(e.getCause());
+ }
+ }
+
+ /* Check that exception is thrown when message is fully read
+ * This test:
+ * 1) Encrypts a 96 byte message with AES/CBC/PKCS5Padding
+ * 2) Create a stream that sends 95 bytes.
+ * 3) Read stream to the end
+ * 4) Expect IllegalBlockSizeException thrown
+ */
+
+ static void cbc_readAllIllegalBlockSize() throws Exception {
+ byte[] read = new byte[200];
+
+ System.out.println("Running cbc_readAllIllegalBlockSize test");
+
+ // Encrypt 96 byte with AES/CBC/PKCS5Padding
+ byte[] ct = encryptedText("CBC", 96);
+ // Create a stream with only 95 bytes of encrypted data
+ CipherInputStream in = getStream("CBC", ct, 95);
+
+ try {
+ int s, size = 0;
+ while ((s = in.read(read)) != -1) {
+ size += s;
+ }
+ throw new RuntimeException("Fail: No IllegalBlockSizeException. " +
+ "CipherInputStream.read() returned " + size);
+
+ } catch (IOException e) {
+ Throwable ec = e.getCause();
+ if (ec instanceof IllegalBlockSizeException) {
+ System.out.println(" Pass.");
+ } else {
+ System.out.println(" Fail: " + ec.getMessage());
+ throw new RuntimeException(ec);
+ }
+ }
+ }
+
+ /* Generic method to create encrypted text */
+ static byte[] encryptedText(String mode, int length) throws Exception{
+ return encryptedText(mode, new byte[length]);
+ }
+
+ /* Generic method to create encrypted text */
+ static byte[] encryptedText(String mode, byte[] pt) throws Exception{
+ Cipher c;
+ if (mode.compareTo("GCM") == 0) {
+ c = Cipher.getInstance("AES/GCM/PKCS5Padding", "SunJCE");
+ c.init(Cipher.ENCRYPT_MODE, key, gcmspec);
+ } else if (mode.compareTo("CBC") == 0) {
+ c = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunJCE");
+ c.init(Cipher.ENCRYPT_MODE, key, iv);
+ } else {
+ return null;
+ }
+
+ return c.doFinal(pt);
+ }
+
+ /* Generic method to get a properly setup CipherInputStream */
+ static CipherInputStream getStream(String mode, byte[] ct) throws Exception {
+ return getStream(mode, ct, ct.length);
+ }
+
+ /* Generic method to get a properly setup CipherInputStream */
+ static CipherInputStream getStream(String mode, byte[] ct, int length)
+ throws Exception {
+ Cipher c;
+
+ if (mode.compareTo("GCM") == 0) {
+ c = Cipher.getInstance("AES/GCM/PKCS5Padding", "SunJCE");
+ c.init(Cipher.DECRYPT_MODE, key, gcmspec);
+ } else if (mode.compareTo("CBC") == 0) {
+ c = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunJCE");
+ c.init(Cipher.DECRYPT_MODE, key, iv);
+ } else {
+ return null;
+ }
+
+ return new CipherInputStream(new ByteArrayInputStream(ct, 0, length), c);
+
+ }
+
+ /* Generic method for corrupting a GCM message. Change the last
+ * byte on of the authentication tag
+ */
+ static byte[] corruptGCM(byte[] ct) {
+ ct[ct.length - 1] = (byte) (ct[ct.length - 1] + 1);
+ return ct;
+ }
+
+ public static void main(String[] args) throws Exception {
+ gcm_AEADBadTag();
+ gcm_shortReadAEAD();
+ gcm_suppressUnreadCorrupt();
+ gcm_oneReadByte();
+ gcm_oneReadByteCorrupt();
+ cbc_shortStream();
+ cbc_shortRead400();
+ cbc_shortRead600();
+ cbc_readAllIllegalBlockSize();
+ }
+}
--- ./jdk/test/javax/management/monitor/CounterMonitorTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/javax/management/monitor/CounterMonitorTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -68,7 +68,7 @@
observedValue = count;
CounterMonitorTest.class.notifyAll();
}
- return count;
+ return observedValue;
}
public void setNbObjects(Object n) {
echo(">>> StdObservedObject.setNbObjects: " + n);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/javax/xml/jaxp/parsers/8073385/BadExceptionMessageTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8073385
+ * @summary test that invalid XML character exception string contains
+ * information about character value, element and attribute names
+ * @run testng/othervm BadExceptionMessageTest
+ */
+
+import java.io.StringReader;
+import java.util.Locale;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.DocumentBuilder;
+import org.xml.sax.SAXException;
+import org.xml.sax.InputSource;
+
+import org.testng.annotations.AfterClass;
+import org.testng.annotations.BeforeClass;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+import static org.testng.Assert.assertTrue;
+
+public class BadExceptionMessageTest {
+
+ private Locale defLoc;
+
+ @BeforeClass
+ private void setup() {
+ defLoc = Locale.getDefault();
+ Locale.setDefault(Locale.ENGLISH);
+ }
+
+ @AfterClass
+ private void cleanup() {
+ Locale.setDefault(defLoc);
+ }
+
+ @DataProvider(name = "illegalCharactersData")
+ public static Object[][] illegalCharactersData() {
+ return new Object[][]{
+ {0x00},
+ {0xFFFE},
+ {0xFFFF}
+ };
+ }
+
+ @Test(dataProvider = "illegalCharactersData")
+ public void test(int character) throws Exception {
+ // Construct the XML document as a String
+ int[] cps = new int[]{character};
+ String txt = new String(cps, 0, cps.length);
+ String inxml = "";
+ String exceptionText = "NO EXCEPTION OBSERVED";
+ String hexString = "0x" + Integer.toHexString(character);
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ dbf.setValidating(false);
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ InputSource isrc = new InputSource(new StringReader(inxml));
+
+ try {
+ db.parse(isrc);
+ } catch (SAXException e) {
+ exceptionText = e.toString();
+ }
+ System.out.println("Got Exception:" + exceptionText);
+ assertTrue(exceptionText.contains("attribute \"attTest\""));
+ assertTrue(exceptionText.contains("element is \"topElement\""));
+ assertTrue(exceptionText.contains("Unicode: " + hexString));
+ }
+}
--- ./jdk/test/javax/xml/jaxp/transform/8062923/XslSubstringTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/javax/xml/jaxp/transform/8062923/XslSubstringTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -23,10 +23,11 @@
/**
* @test
- * @bug 8062923 8062924
+ * @bug 8062923 8062924 8074297 8076290
* @run testng XslSubstringTest
* @summary Test xsl substring function with negative, Inf and
- * NaN length and few other use cases
+ * NaN length and few other use cases. Also test proper
+ * processing of supplementary characters by substring function.
*/
import java.io.StringReader;
@@ -39,6 +40,7 @@
import javax.xml.transform.stream.StreamSource;
import static org.testng.Assert.assertEquals;
+import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
public class XslSubstringTest {
@@ -50,6 +52,36 @@
+ "";
final String xslPost = "";
+ @DataProvider(name = "GeneralTestsData")
+ private Object[][] xmls() {
+ return new Object[][] {
+ { "||", "|s|"},
+ { "||", "|sdf|"},
+ { "||", "||" },
+ { "||", "|sdf|" },
+ // 8076290 bug test case
+ { "||", "|12|"},
+ };
+ }
+
+ @DataProvider(name = "SupplementaryCharactersTestData")
+ private Object[][] dataSupplementaryCharacters() {
+ return new Object[][] {
+ // 8074297 bug test cases
+ { "||", "|BC|"},
+ { "||", "|B|" },
+ { "||", "|AB|"},
+ { "||", "|BC|"},
+ { "||", "|BC|"},
+ { "||", "|𠀋|"},
+ { "||", "|A|"},
+ { "||", "|𠀋ABC|"},
+ { "||", "|𠀋ABC|"},
+ // 8076290 bug test case
+ { "||", "|𠀋|"},
+ };
+ }
+
private String testTransform(String xsl) throws Exception {
//Prepare sources for transormation
Source src = new StreamSource(new StringReader(xml));
@@ -78,27 +110,14 @@
"||");
}
- @Test
- public void testGeneral1() throws Exception {
- assertEquals(testTransform("||"),
- "|s|");
+ @Test(dataProvider = "GeneralTestsData")
+ public void testGeneralAll(String xsl, String result) throws Exception {
+ assertEquals(testTransform(xsl), result);
}
- @Test
- public void testGeneral2() throws Exception {
- assertEquals(testTransform("||"),
- "|sdf|");
+ @Test(dataProvider = "SupplementaryCharactersTestData")
+ public void testSupplementCharacters(String xsl, String result) throws Exception {
+ assertEquals(testTransform(xsl), result);
}
- @Test
- public void testGeneral3() throws Exception {
- assertEquals(testTransform("||"),
- "||");
- }
-
- @Test
- public void testGeneral4() throws Exception {
- assertEquals(testTransform("||"),
- "||");
- }
}
--- ./jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,57 +23,83 @@
/*
* @test
- * @bug 8046817
- * @summary schemagen fails to generate xsd for enum types
+ * @bug 8046817 8073357
+ * @summary schemagen fails to generate xsd for enum types.
+ * Check that order of Enum values is preserved.
* @run main/othervm GenerateEnumSchema
*/
import java.io.BufferedReader;
import java.io.File;
-import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
+import java.nio.file.Files;
import java.nio.file.Paths;
-import java.util.Scanner;
+import java.util.stream.Collectors;
public class GenerateEnumSchema {
private static final String SCHEMA_OUTPUT_FILENAME = "schema1.xsd";
private static final File schemaOutputFile = new File(SCHEMA_OUTPUT_FILENAME);
+ private static final String[] expectedEnums = {
+ "\"FIRST\"", "\"ONE\"", "\"TWO\"", "\"THREE\"",
+ "\"FOUR\"", "\"FIVE\"", "\"SIX\"", "\"LAST\""};
+ private static String schemaContent = "";
- public static void main(String[] args) throws Exception, IOException {
+ public static void main(String[] args) throws Exception {
+
//Check schema generation for class type
runSchemaGen("TestClassType.java");
checkIfSchemaGenerated();
+ readSchemaContent();
checkSchemaContent("");
checkSchemaContent("");
- schemaOutputFile.delete();
+
//Check schema generation for enum type
runSchemaGen("TestEnumType.java");
checkIfSchemaGenerated();
+ readSchemaContent();
+ //Check if Enum type schema is generated
checkSchemaContent("");
- checkSchemaContent("");
- checkSchemaContent("");
- checkSchemaContent("");
+ //Check the sequence of enum values order
+ checkEnumOrder();
schemaOutputFile.delete();
}
+ // Check if schema file successfully generated by schemagen
private static void checkIfSchemaGenerated() {
if (!schemaOutputFile.exists()) {
throw new RuntimeException("FAIL:" + SCHEMA_OUTPUT_FILENAME + " was not generated by schemagen tool");
}
}
- private static void checkSchemaContent(String exp_token) throws FileNotFoundException {
- System.out.print("Check if generated schema contains '" + exp_token + "' string: ");
- try (Scanner scanner = new Scanner(schemaOutputFile)) {
- if (scanner.findWithinHorizon(exp_token, 0) != null) {
- System.out.println("OK");
- return;
- }
+ //Read schema content from file
+ private static void readSchemaContent() throws Exception {
+ schemaContent = Files.lines(schemaOutputFile.toPath()).collect(Collectors.joining(""));
+ }
+
+ // Check if schema file contains specific string
+ private static void checkSchemaContent(String expContent) {
+ System.out.print("Check if generated schema contains '" + expContent + "' string: ");
+ if (schemaContent.contains(expContent)) {
+ System.out.println("OK");
+ return;
}
System.out.println("FAIL");
- throw new RuntimeException("The '" + exp_token + "' is not found in generated schema");
+ throw new RuntimeException("The '" + expContent + "' is not found in generated schema");
+ }
+ // Check if the generated schema contains all enum constants
+ // and their order is preserved
+ private static void checkEnumOrder() throws Exception {
+ int prevElem = -1;
+ for (String elem : expectedEnums) {
+ int curElem = schemaContent.indexOf(elem);
+ System.out.println(elem + " position = " + curElem);
+ if (curElem < prevElem) {
+ throw new RuntimeException("FAIL: Enum values order is incorrect or " + elem + " element is not found");
+ }
+ prevElem = curElem;
+ }
}
private static String getClassFilePath(String filename) {
--- ./jdk/test/javax/xml/ws/8046817/TestEnumType.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/javax/xml/ws/8046817/TestEnumType.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,5 +25,5 @@
@XmlEnum(String.class)
public enum TestEnumType {
- ONE, TWO, THREE
+ FIRST, ONE, TWO, THREE, FOUR, FIVE, SIX, LAST
}
--- ./jdk/test/lib/testlibrary/AssertsTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/lib/testlibrary/AssertsTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -25,7 +25,6 @@
/* @test
* @summary Tests the different assertions in the Assert class
- * @library /testlibrary
*/
public class AssertsTest {
private static class Foo implements Comparable {
--- ./jdk/test/lib/testlibrary/OutputAnalyzerReportingTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/lib/testlibrary/OutputAnalyzerReportingTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -27,7 +27,6 @@
* @summary Test the OutputAnalyzer reporting functionality,
* such as printing additional diagnostic info
* (exit code, stdout, stderr, command line, etc.)
- * @library /testlibrary
*/
import java.io.ByteArrayOutputStream;
--- ./jdk/test/lib/testlibrary/OutputAnalyzerTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/lib/testlibrary/OutputAnalyzerTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -24,7 +24,6 @@
/*
* @test
* @summary Test the OutputAnalyzer utility class
- * @library /testlibrary
*/
import jdk.testlibrary.OutputAnalyzer;
--- ./jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/management/jmxremote/bootstrap/RmiBootstrapTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,6 +43,8 @@
import sun.management.AgentConfigurationError;
+import java.security.Security;
+
import util.TestLogger;
/**
@@ -133,6 +135,8 @@
"com.sun.management.jmxremote.ssl.enabled.protocols";
public static final String SSL_NEED_CLIENT_AUTH =
"com.sun.management.jmxremote.ssl.need.client.auth";
+ public static final String SSL_CLIENT_ENABLED_CIPHER_SUITES =
+ "javax.rmi.ssl.client.enabledCipherSuites";
}
/**
@@ -434,7 +438,7 @@
}
- private void setSslProperties() {
+ private void setSslProperties(String clientEnabledCipherSuites) {
final String defaultKeyStore =
getDefaultStoreName(DefaultValues.KEYSTORE);
final String defaultTrustStore =
@@ -465,6 +469,13 @@
System.setProperty(PropertyNames.TRUSTSTORE_PASSWD,trustword);
log.trace("setSslProperties",
PropertyNames.TRUSTSTORE_PASSWD+"="+trustword);
+
+ if (clientEnabledCipherSuites != null) {
+ System.setProperty("javax.rmi.ssl.client.enabledCipherSuites",
+ clientEnabledCipherSuites);
+ } else {
+ System.clearProperty("javax.rmi.ssl.client.enabledCipherSuites");
+ }
}
private void checkSslConfiguration() {
@@ -517,7 +528,10 @@
PropertyNames.SSL_ENABLED_PROTOCOLS + "=" +
sslProtocols);
- if (useSsl) setSslProperties();
+ if (useSsl) {
+ setSslProperties(props.getProperty(
+ PropertyNames.SSL_CLIENT_ENABLED_CIPHER_SUITES));
+ }
} catch (Exception x) {
System.out.println("Failed to setup SSL configuration: " + x);
log.debug("checkSslConfiguration",x);
@@ -871,6 +885,8 @@
* exit(1) if the test fails.
**/
public static void main(String args[]) throws Exception {
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+
setupBasePort();
RmiBootstrapTest manager = new RmiBootstrapTest();
try {
--- ./jdk/test/sun/management/jmxremote/bootstrap/management_ssltest07_ok.properties.in Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/management/jmxremote/bootstrap/management_ssltest07_ok.properties.in Tue Jun 02 13:49:09 2015 +0300
@@ -2,3 +2,4 @@
com.sun.management.jmxremote.ssl.enabled.protocols=SSLv2Hello,SSLv3,TLSv1
com.sun.management.jmxremote.ssl.need.client.auth=true
com.sun.management.jmxremote.authenticate=false
+javax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5
--- ./jdk/test/sun/management/jmxremote/bootstrap/management_ssltest11_ok.properties.in Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/management/jmxremote/bootstrap/management_ssltest11_ok.properties.in Tue Jun 02 13:49:09 2015 +0300
@@ -3,3 +3,4 @@
com.sun.management.jmxremote.ssl.need.client.auth=true
com.sun.management.jmxremote.ssl.config.file=@TEST-SRC@/jmxremote_ssltest11_ok.ssl
com.sun.management.jmxremote.authenticate=false
+javax.rmi.ssl.client.enabledCipherSuites=SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5
--- ./jdk/test/sun/security/ec/TestEC.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ec/TestEC.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -59,6 +59,11 @@
public class TestEC {
public static void main(String[] args) throws Exception {
+ // reset security properties to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
ProvidersSnapshot snapshot = ProvidersSnapshot.create();
try {
main0(args);
@@ -68,10 +73,6 @@
}
public static void main0(String[] args) throws Exception {
- // reset the security property to make sure that the algorithms
- // and keys used in this test are not disabled.
- Security.setProperty("jdk.tls.disabledAlgorithms", "");
-
Provider p = Security.getProvider("SunEC");
if (p == null) {
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/sun/security/jgss/spnego/MSOID.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8078439
+ * @summary SPNEGO auth fails if client proposes MS krb5 OID
+ */
+
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+
+import java.lang.Exception;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Arrays;
+import java.util.Base64;
+
+public class MSOID {
+ public static void main(String[] args) throws Exception {
+
+ // msoid.txt is a NegTokenInit packet sent from Internet Explorer to
+ // IIS server on a test machine. No sensitive info included.
+ byte[] header = Files.readAllBytes(
+ Paths.get(System.getProperty("test.src"), "msoid.txt"));
+ byte[] token = Base64.getMimeDecoder().decode(
+ Arrays.copyOfRange(header, 10, header.length));
+
+ GSSCredential cred = null;
+ GSSContext ctx = GSSManager.getInstance().createContext(cred);
+
+ try {
+ ctx.acceptSecContext(token, 0, token.length);
+ // Before the fix, GSS_KRB5_MECH_OID_MS is not recognized
+ // and acceptor chooses another mech and goes on
+ throw new Exception("Should fail");
+ } catch (GSSException gsse) {
+ // After the fix, GSS_KRB5_MECH_OID_MS is recognized but the token
+ // cannot be accepted because we don't have any krb5 credential.
+ gsse.printStackTrace();
+ if (gsse.getMajor() != GSSException.NO_CRED) {
+ throw gsse;
+ }
+ for (StackTraceElement st: gsse.getStackTrace()) {
+ if (st.getClassName().startsWith("sun.security.jgss.krb5.")) {
+ // Good, it is already in krb5 mech's hand.
+ return;
+ }
+ }
+ throw gsse;
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/sun/security/jgss/spnego/msoid.txt Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,27 @@
+Negotiate YIIGPAYGKwYBBQUCoIIGMDCCBiygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBA
+GCNwICHgYKKwYBBAGCNwICCqKCBfYEggXyYIIF7gYJKoZIhvcSAQICAQBuggXdMIIF2aADAgEFoQMCAQ
+6iBwMFACAAAACjggTIYYIExDCCBMCgAwIBBaEOGwxUV0VMVkUuVEhJTkuiIzAhoAMCAQKhGjAYGwRIVF
+RQGxBrZGMuVFdFTFZFLlRISU5Lo4IEgjCCBH6gAwIBEqEDAgEJooIEcASCBGyoIL0zQevk57pY6D25+1
+SQbAeldYXkpdn8JlKgSyz1cdiTpwqDt8B7pj7AoKMPHCiVss37XCEpBIuZClBK3Jmry+QWXCbQemKvyO
+Caz806RDNB7TA7l1NxUJ6LsCiQncNV1TEq37NM6H8il6PjnbcBoMcHH/+cFGVPNP3eP+Z5Kd+5DZELPV
+qQkYogXybmngmYy2168OsfyANzotUpm/HBwEHKujCPH9Gbhwhmx4tUcBvCetPNoXmHOQZLB4u7uyblKO
+c6R2yGTFCa8DBQNXx38RRHgsvlNGlx+UsSoF4/DixAreNRkZnpKabn1cRK/KZh6vHfbL2QVegr1hrp71
+IJwyVuR+RTGL/7WCSWFClJyWD3Cm4+eK46uVj4MKPUJBc0XVViV/Dsh4N9EomVDkovWU/v+0d+W4pQJk
+BFnJoNYuaG8UnLWrxMKGNwVOfsblcJtB7B5zuZzsWsUIdmMT1n8mtWrv0wYiwvotfT6z/suk+Vhg9MGd
+uDmeneeG9deMDUMwrwB8u5J2VEeWKurBfDB02jv/08qAZS2ovBfV2SiXCuky5z7llvQ8uPsoezVwYdhu
+HmBuPE7PqDIkmkEJRWpq95dqxllCXvlL4uINxFadkhcbzuCDjSGil78p6FJTKc4Dt/kuug1zJuXhJO1L
+2CgkMsYPTogoUvAtplzIDF0nSMwJUIJzQXIHCFasmDNJA1GAvQD+Qh7Mp4dYb2Uid+sSM2qlQn8bgR9S
+dlfL/olQ9GKPOBBGwsVoZKR3Brimc9LOJofPMEEa560KQNgtO1MyjoqEJKzFq+2wVZQahvpcV7VgixCq
+Nom3Wd4NdZ3QM0PHL7e9bl3/qCsWaiNlmRW7gupz8nNCtWNMf4UBqIeo9jPH9Cb96fOUM4c7XXp4iX6w
+ns1MsmPZ4VQDRU7VK+yTC81KGfMlSvrvqCJfGoxy0NaeXtmkN55oAhaj8ebiEBdKCXXF5wk0zqvt1ifE
+9ywYk/AbdFBPThyOT6Tu9x41gi6mCTiMtSdg7cFY+5yXd3UIgUwnbOG3IwAkdLXlepvnHwEXCXkbfbr9
+e1wjs5LMmYRunJ05FOx8iAibB8bWjgiFmYWbeyjyQF3KDs5cpvROXcapT1+KlFU4lEO8lnKM/Ipq81ED
+s+/DygXCvlskeKV57URx+XcMWnURu4hdGHbCPY/X7eOmox0mw5/V0rJMIjSjQNPyi4UM4dDTso6mt0XE
+h+YyCGmV67D8/nihO/NaRFEFxHlaGwh3Lqu/Tero88iuDb9U1uEWz8cF8wr+2azyOTmhi/ID/jfiEC8i
+b/hjYEcBI99x/CNmuuM7uCwTPIsJtBD3AnUdPa/yo41rCtm/K5HZCTzw2W93vaHqyttEC7c70rdAUB49
+CfSAVtH4gwxCDKMSJMlELfHGrIloEppEoUEc7LOdmzinvzcuajj0moBn5WUZHiVmopLjGjW7wunmMPQS
+H9FmCQf2I1N4E6nZfH+cUzBbHkIF5XHY4KXwmJQ3UdbUDp8z3npIH3MIH0oAMCARKigewEgenD23U6gQ
+aORjuWnT1nqadqR+E5fa/viohey4g6mn6uPfVRPz5a7OsDOurQV9wHR/VEwvjpdlZzMcANbt28Ut3YvQ
+SWWwqALoLtSLOTgXmK9Higb+NSSO7hKtqKgDWREfQisn3xE9PGkMUlanu2es34+k43AQmJf2InvFNNcy
+PcKllikoMOldVeoF1BIKvbDI0+vE3SwSrD0UhUdDeeZTN33b0Y8f3I1UYtidwxcRRkvCaNEhphtr8hp8
+hXWQkuxVvF2TiQyHF4PnJkgb1Zr6GXydOmMgMJE1anPFKFKWH6PZWGnp8mw0F5zw==
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ ./jdk/test/sun/security/krb5/auto/MSOID2.java Tue Jun 02 13:49:09 2015 +0300
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8078439
+ * @summary SPNEGO auth fails if client proposes MS krb5 OID
+ * @compile -XDignore.symbol.file MSOID2.java
+ * @run main/othervm MSOID2
+ */
+
+import sun.security.jgss.GSSUtil;
+
+// The basic krb5 test skeleton you can copy from
+public class MSOID2 {
+
+ public static void main(String[] args) throws Exception {
+
+ new OneKDC(null).writeJAASConf();
+
+ Context c, s;
+ c = Context.fromJAAS("client");
+ s = Context.fromJAAS("server");
+
+ c.startAsClient(OneKDC.SERVER, GSSUtil.GSS_SPNEGO_MECH_OID);
+ s.startAsServer(GSSUtil.GSS_SPNEGO_MECH_OID);
+
+ byte[] t = new byte[0];
+ boolean first = true;
+ while (true) {
+ if (t != null || !c.x().isEstablished()) t = c.take(t);
+ if (first) {
+ // Tweak the packet to append an extra OID
+ int len = t.length;
+ byte[] nt = new byte[len + 11];
+ System.arraycopy(t, 0, nt, 0, 0x23);
+ System.arraycopy(t, 0x18, nt, 0x23, 11); // dup the OID
+ System.arraycopy(t, 0x23, nt, 0x2e, len-0x23);
+ nt[0x1d] = (byte)0x82; // change the 1st to MS OID
+ // Length bytes to be tweaked
+ for (int pos: new int[] {3, 0xf, 0x13, 0x15, 0x17}) {
+ nt[pos] = (byte)(nt[pos] + 11);
+ }
+ t = nt;
+ new sun.misc.HexDumpEncoder().encodeBuffer(t, System.out);
+ }
+ if (t != null || !s.x().isEstablished()) t = s.take(t);
+ if (c.x().isEstablished() && s.x().isEstablished()) break;
+ first = false;
+ }
+
+ Context.transmit("i say high --", c, s);
+ Context.transmit(" you say low", s, c);
+
+ s.dispose();
+ c.dispose();
+ }
+}
--- ./jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/pkcs11/sslecc/CipherTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
public class CipherTest {
// use any available port for the server socket
- static int serverPort = 0;
+ static volatile int serverPort = 0;
final int THREADS;
--- ./jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -43,9 +43,10 @@
private static String[] cmdArgs;
public static void main(String[] args) throws Exception {
- // reset the security property to make sure that the algorithms
+ // reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
cmdArgs = args;
main(new ClientJSSEServerJSSE());
--- ./jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
serverContext.init(new KeyManager[] {cipherTest.keyManager}, new TrustManager[] {cipherTest.trustManager}, cipherTest.secureRandom);
SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory();
- serverSocket = (SSLServerSocket)factory.createServerSocket(cipherTest.serverPort);
+ serverSocket = (SSLServerSocket)factory.createServerSocket(0);
cipherTest.serverPort = serverSocket.getLocalPort();
serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
serverSocket.setWantClientAuth(true);
--- ./jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/DHKeyExchange/DHEKeySizing.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -100,6 +100,7 @@
import javax.net.ssl.SSLEngineResult.*;
import java.io.*;
import java.nio.*;
+import java.security.Security;
import java.security.KeyStore;
import java.security.KeyFactory;
import java.security.cert.Certificate;
@@ -377,6 +378,11 @@
}
public static void main(String args[]) throws Exception {
+ // reset security properties to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
if (args.length != 4) {
System.out.println(
"Usage: java DHEKeySizing cipher-suite " +
--- ./jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/com/sun/net/ssl/internal/ssl/ServerHandshaker/AnonCipherWithWantClientAuth.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -21,6 +21,11 @@
* questions.
*/
+//
+// SunJSSE does not support dynamic system properties, no way to re-use
+// system properties in samevm/agentvm mode.
+//
+
/*
* @test
* @bug 4392475
@@ -34,6 +39,7 @@
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
+import java.security.Security;
public class AnonCipherWithWantClientAuth {
@@ -156,6 +162,11 @@
volatile Exception clientException = null;
public static void main(String[] args) throws Exception {
+ // reset security properties to make sure that the algorithms
+ // and keys used in this test are not disabled.
+ Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
+
String keyFilename =
System.getProperty("test.src", "./") + "/" + pathToStores +
"/" + keyStoreFile;
--- ./jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -79,6 +79,9 @@
ssle1.setEnabledCipherSuites(new String [] {
"SSL_RSA_WITH_RC4_128_MD5"});
+ ssle2.setEnabledCipherSuites(new String [] {
+ "SSL_RSA_WITH_RC4_128_MD5"});
+
createBuffers();
}
--- ./jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/LargeBufs.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2004, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -92,6 +92,7 @@
createSSLEngines();
System.out.println("Using " + cipher);
+ ssle1.setEnabledCipherSuites(new String [] { cipher });
ssle2.setEnabledCipherSuites(new String [] { cipher });
createBuffers();
--- ./jdk/test/sun/security/ssl/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/javax/net/ssl/SSLParameters/UseCipherSuitesOrder.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
* @bug 7188657
* @summary There should be a way to reorder the JSSE ciphers
* @run main/othervm UseCipherSuitesOrder
- * TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA
+ * TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA
*/
import java.io.*;
--- ./jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/javax/net/ssl/TLSv11/GenericStreamCipher.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2010, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -93,6 +93,10 @@
SSLServerSocket sslServerSocket =
(SSLServerSocket) sslssf.createServerSocket(serverPort);
+ // enable a stream cipher
+ sslServerSocket.setEnabledCipherSuites(
+ new String[] {"SSL_RSA_WITH_RC4_128_MD5"});
+
serverPort = sslServerSocket.getLocalPort();
/*
--- ./jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/sanity/ciphersuites/CipherSuitesInOrder.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -93,13 +93,6 @@
"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
- "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
- "SSL_RSA_WITH_RC4_128_SHA",
- "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
- "TLS_ECDH_RSA_WITH_RC4_128_SHA",
- "SSL_RSA_WITH_RC4_128_MD5",
-
"TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
"TLS_DH_anon_WITH_AES_256_GCM_SHA384",
@@ -113,8 +106,16 @@
"TLS_DH_anon_WITH_AES_128_CBC_SHA",
"TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
+
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ "SSL_RSA_WITH_RC4_128_MD5",
"TLS_ECDH_anon_WITH_RC4_128_SHA",
"SSL_DH_anon_WITH_RC4_128_MD5",
+
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
--- ./jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/security/ssl/sanity/interop/ClientJSSEServerJSSE.java Tue Jun 02 13:49:09 2015 +0300
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2002, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -34,9 +34,10 @@
public class ClientJSSEServerJSSE {
public static void main(String[] args) throws Exception {
- // reset the security property to make sure that the algorithms
+ // reset security properties to make sure that the algorithms
// and keys used in this test are not disabled.
Security.setProperty("jdk.tls.disabledAlgorithms", "");
+ Security.setProperty("jdk.certpath.disabledAlgorithms", "");
CipherTest.main(new JSSEFactory(), args);
}
--- ./jdk/test/sun/util/calendar/zi/tzdata/VERSION Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/VERSION Tue Jun 02 13:49:09 2015 +0300
@@ -21,4 +21,4 @@
# or visit www.oracle.com if you need additional information or have any
# questions.
#
-tzdata2015a
+tzdata2015d
--- ./jdk/test/sun/util/calendar/zi/tzdata/africa Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/africa Tue Jun 02 13:49:09 2015 +0300
@@ -342,35 +342,29 @@
# above) says DST had no affect on electricity consumption. There is
# no information about when DST will end this fall. See:
# http://abcnews.go.com/International/wireStory/el-sissi-pushes-egyptians-line-23614833
+
+# From Steffen Thorsen (2015-04-08):
+# Egypt will start DST on midnight after Thursday, April 30, 2015.
+# This is based on a law (no 35) from May 15, 2014 saying it starts the last
+# Thursday of April.... Clocks will still be turned back for Ramadan, but
+# dates not yet announced....
+# http://almogaz.com/news/weird-news/2015/04/05/1947105 ...
+# http://www.timeanddate.com/news/time/egypt-starts-dst-2015.html
+
+# From Ahmed Nazmy (2015-04-20):
+# Egypt's ministers cabinet just announced ... that it will cancel DST at
+# least for 2015.
#
-# For now, guess that later spring and fall transitions will use
-# 2010's rules, and guess that Egypt will switch to standard time at
-# 24:00 the last Thursday before Ramadan, and back to DST at 00:00 the
-# first Friday after Ramadan. To implement this,
-# transition dates for 2015 through 2037 were determined by running
-# the following program under GNU Emacs 24.3, with the results integrated
-# by hand into the table below. Ramadan again intrudes on the guessed
-# DST starting in 2038, but that's beyond our somewhat-arbitrary cutoff.
-# (let ((islamic-year 1436))
-# (while (< islamic-year 1460)
-# (let ((a (calendar-islamic-to-absolute (list 9 1 islamic-year)))
-# (b (calendar-islamic-to-absolute (list 10 1 islamic-year)))
-# (friday 5))
-# (while (/= friday (mod a 7))
-# (setq a (1- a)))
-# (while (/= friday (mod b 7))
-# (setq b (1+ b)))
-# (setq a (1- a))
-# (setq b (1- b))
-# (setq a (calendar-gregorian-from-absolute a))
-# (setq b (calendar-gregorian-from-absolute b))
-# (insert
-# (format
-# (concat "Rule\tEgypt\t%d\tonly\t-\t%s\t%2d\t24:00\t0\t-\n"
-# "Rule\tEgypt\t%d\tonly\t-\t%s\t%2d\t24:00\t1:00\tS\n")
-# (car (cdr (cdr a))) (calendar-month-name (car a) t) (car (cdr a))
-# (car (cdr (cdr b))) (calendar-month-name (car b) t) (car (cdr b)))))
-# (setq islamic-year (+ 1 islamic-year))))
+# From Tim Parenti (2015-04-20):
+# http://english.ahram.org.eg/WriterArticles/NewsContentP/1/128195/Egypt/No-daylight-saving-this-summer-Egypts-prime-minist.aspx
+# "Egypt's cabinet agreed on Monday not to switch clocks for daylight saving
+# time this summer, and carry out studies on the possibility of canceling the
+# practice altogether in future years."
+#
+# From Paul Eggert (2015-04-20):
+# For now, assume DST will be canceled. Any resumption would likely
+# use different rules anyway.
+
Rule Egypt 2008 only - Aug lastThu 24:00 0 -
Rule Egypt 2009 only - Aug 20 24:00 0 -
Rule Egypt 2010 only - Aug 10 24:00 0 -
@@ -379,22 +373,7 @@
Rule Egypt 2014 only - May 15 24:00 1:00 S
Rule Egypt 2014 only - Jun 26 24:00 0 -
Rule Egypt 2014 only - Jul 31 24:00 1:00 S
-Rule Egypt 2014 max - Sep lastThu 24:00 0 -
-Rule Egypt 2015 2019 - Apr lastFri 0:00s 1:00 S
-Rule Egypt 2015 only - Jun 11 24:00 0 -
-Rule Egypt 2015 only - Jul 23 24:00 1:00 S
-Rule Egypt 2016 only - Jun 2 24:00 0 -
-Rule Egypt 2016 only - Jul 7 24:00 1:00 S
-Rule Egypt 2017 only - May 25 24:00 0 -
-Rule Egypt 2017 only - Jun 29 24:00 1:00 S
-Rule Egypt 2018 only - May 10 24:00 0 -
-Rule Egypt 2018 only - Jun 14 24:00 1:00 S
-Rule Egypt 2019 only - May 2 24:00 0 -
-Rule Egypt 2019 only - Jun 6 24:00 1:00 S
-Rule Egypt 2020 only - May 28 24:00 1:00 S
-Rule Egypt 2021 only - May 13 24:00 1:00 S
-Rule Egypt 2022 only - May 5 24:00 1:00 S
-Rule Egypt 2023 max - Apr lastFri 0:00s 1:00 S
+Rule Egypt 2014 only - Sep lastThu 24:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Africa/Cairo 2:05:09 - LMT 1900 Oct
--- ./jdk/test/sun/util/calendar/zi/tzdata/antarctica Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/antarctica Tue Jun 02 13:49:09 2015 +0300
@@ -38,41 +38,6 @@
# I made up all time zone abbreviations mentioned here; corrections welcome!
# FORMAT is 'zzz' and GMTOFF is 0 for locations while uninhabited.
-# These rules are stolen from the 'southamerica' file.
-# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule ArgAQ 1964 1966 - Mar 1 0:00 0 -
-Rule ArgAQ 1964 1966 - Oct 15 0:00 1:00 S
-Rule ArgAQ 1967 only - Apr 2 0:00 0 -
-Rule ArgAQ 1967 1968 - Oct Sun>=1 0:00 1:00 S
-Rule ArgAQ 1968 1969 - Apr Sun>=1 0:00 0 -
-Rule ArgAQ 1974 only - Jan 23 0:00 1:00 S
-Rule ArgAQ 1974 only - May 1 0:00 0 -
-Rule ChileAQ 1972 1986 - Mar Sun>=9 3:00u 0 -
-Rule ChileAQ 1974 1987 - Oct Sun>=9 4:00u 1:00 S
-Rule ChileAQ 1987 only - Apr 12 3:00u 0 -
-Rule ChileAQ 1988 1989 - Mar Sun>=9 3:00u 0 -
-Rule ChileAQ 1988 only - Oct Sun>=1 4:00u 1:00 S
-Rule ChileAQ 1989 only - Oct Sun>=9 4:00u 1:00 S
-Rule ChileAQ 1990 only - Mar 18 3:00u 0 -
-Rule ChileAQ 1990 only - Sep 16 4:00u 1:00 S
-Rule ChileAQ 1991 1996 - Mar Sun>=9 3:00u 0 -
-Rule ChileAQ 1991 1997 - Oct Sun>=9 4:00u 1:00 S
-Rule ChileAQ 1997 only - Mar 30 3:00u 0 -
-Rule ChileAQ 1998 only - Mar Sun>=9 3:00u 0 -
-Rule ChileAQ 1998 only - Sep 27 4:00u 1:00 S
-Rule ChileAQ 1999 only - Apr 4 3:00u 0 -
-Rule ChileAQ 1999 2010 - Oct Sun>=9 4:00u 1:00 S
-Rule ChileAQ 2000 2007 - Mar Sun>=9 3:00u 0 -
-# N.B.: the end of March 29 in Chile is March 30 in Universal time,
-# which is used below in specifying the transition.
-Rule ChileAQ 2008 only - Mar 30 3:00u 0 -
-Rule ChileAQ 2009 only - Mar Sun>=9 3:00u 0 -
-Rule ChileAQ 2010 only - Apr Sun>=1 3:00u 0 -
-Rule ChileAQ 2011 only - May Sun>=2 3:00u 0 -
-Rule ChileAQ 2011 only - Aug Sun>=16 4:00u 1:00 S
-Rule ChileAQ 2012 2015 - Apr Sun>=23 3:00u 0 -
-Rule ChileAQ 2012 2014 - Sep Sun>=2 4:00u 1:00 S
-
# Argentina - year-round bases
# Belgrano II, Confin Coast, -770227-0343737, since 1972-02-05
# Carlini, Potter Cove, King George Island, -6414-0602320, since 1982-01
@@ -367,21 +332,7 @@
# USA - year-round bases
#
# Palmer, Anvers Island, since 1965 (moved 2 miles in 1968)
-#
-# From Ethan Dicks (1996-10-06):
-# It keeps the same time as Punta Arenas, Chile, because, just like us
-# and the South Pole, that's the other end of their supply line....
-# I verified with someone who was there that since 1980,
-# Palmer has followed Chile. Prior to that, before the Falklands War,
-# Palmer used to be supplied from Argentina.
-#
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Antarctica/Palmer 0 - zzz 1965
- -4:00 ArgAQ AR%sT 1969 Oct 5
- -3:00 ArgAQ AR%sT 1982 May
- -4:00 ChileAQ CL%sT 2015 Apr 26 3:00u
- -3:00 - CLT
-#
+# See 'southamerica' for Antarctica/Palmer, since it uses South American DST.
#
# McMurdo Station, Ross Island, since 1955-12
# Amundsen-Scott South Pole Station, continuously occupied since 1956-11-20
--- ./jdk/test/sun/util/calendar/zi/tzdata/asia Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/asia Tue Jun 02 13:49:09 2015 +0300
@@ -1927,6 +1927,13 @@
# was at the start of 2008-03-31 (the day of Steffen Thorsen's report);
# this is almost surely wrong.
+# From Ganbold Tsagaankhuu (2015-03-10):
+# It seems like yesterday Mongolian Government meeting has concluded to use
+# daylight saving time in Mongolia.... Starting at 2:00AM of last Saturday of
+# March 2015, daylight saving time starts. And 00:00AM of last Saturday of
+# September daylight saving time ends. Source:
+# http://zasag.mn/news/view/8969
+
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Mongol 1983 1984 - Apr 1 0:00 1:00 S
Rule Mongol 1983 only - Oct 1 0:00 0 -
@@ -1947,6 +1954,8 @@
Rule Mongol 2001 only - Apr lastSat 2:00 1:00 S
Rule Mongol 2001 2006 - Sep lastSat 2:00 0 -
Rule Mongol 2002 2006 - Mar lastSat 2:00 1:00 S
+Rule Mongol 2015 max - Mar lastSat 2:00 1:00 S
+Rule Mongol 2015 max - Sep lastSat 0:00 0 -
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
# Hovd, a.k.a. Chovd, Dund-Us, Dzhargalant, Khovd, Jirgalanta
@@ -2365,13 +2374,19 @@
# official source...:
# http://www.palestinecabinet.gov.ps/ar/Views/ViewDetails.aspx?pid=1252
-# From Paul Eggert (2013-09-24):
-# For future dates, guess the last Thursday in March at 24:00 through
-# the first Friday on or after September 21 at 00:00. This is consistent with
-# the predictions in today's editions of the following URLs,
-# which are for Gaza and Hebron respectively:
-# http://www.timeanddate.com/worldclock/timezone.html?n=702
-# http://www.timeanddate.com/worldclock/timezone.html?n=2364
+# From Steffen Thorsen (2015-03-03):
+# Sources such as http://www.alquds.com/news/article/view/id/548257
+# and http://www.raya.ps/ar/news/890705.html say Palestine areas will
+# start DST on 2015-03-28 00:00 which is one day later than expected.
+#
+# From Paul Eggert (2015-03-03):
+# http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
+# says that the fall 2014 transition was Oct 23 at 24:00.
+# For future dates, guess the last Friday in March at 24:00 through
+# the first Friday on or after October 21 at 00:00. This is consistent with
+# the predictions in today's editions of the following URLs:
+# http://www.timeanddate.com/time/change/gaza-strip/gaza
+# http://www.timeanddate.com/time/change/west-bank/hebron
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule EgyptAsia 1957 only - May 10 0:00 1:00 S
@@ -2397,9 +2412,11 @@
Rule Palestine 2011 only - Aug 1 0:00 0 -
Rule Palestine 2011 only - Aug 30 0:00 1:00 S
Rule Palestine 2011 only - Sep 30 0:00 0 -
-Rule Palestine 2012 max - Mar lastThu 24:00 1:00 S
+Rule Palestine 2012 2014 - Mar lastThu 24:00 1:00 S
Rule Palestine 2012 only - Sep 21 1:00 0 -
-Rule Palestine 2013 max - Sep Fri>=21 0:00 0 -
+Rule Palestine 2013 only - Sep Fri>=21 0:00 0 -
+Rule Palestine 2014 max - Oct Fri>=21 0:00 0 -
+Rule Palestine 2015 max - Mar lastFri 24:00 1:00 S
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone Asia/Gaza 2:17:52 - LMT 1900 Oct
--- ./jdk/test/sun/util/calendar/zi/tzdata/australasia Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/australasia Tue Jun 02 13:49:09 2015 +0300
@@ -396,6 +396,7 @@
9:39:00 - LMT 1901 # Agana
10:00 - GST 2000 Dec 23 # Guam
10:00 - ChST # Chamorro Standard Time
+Link Pacific/Guam Pacific/Saipan # N Mariana Is
# Kiribati
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -411,12 +412,7 @@
14:00 - LINT
# N Mariana Is
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone Pacific/Saipan -14:17:00 - LMT 1844 Dec 31
- 9:43:00 - LMT 1901
- 9:00 - MPT 1969 Oct # N Mariana Is Time
- 10:00 - MPT 2000 Dec 23
- 10:00 - ChST # Chamorro Standard Time
+# See Pacific/Guam.
# Marshall Is
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
@@ -586,6 +582,7 @@
-11:00 - NST 1967 Apr # N=Nome
-11:00 - BST 1983 Nov 30 # B=Bering
-11:00 - SST # S=Samoa
+Link Pacific/Pago_Pago Pacific/Midway # in US minor outlying islands
# Samoa (formerly and also known as Western Samoa)
@@ -767,23 +764,7 @@
# uninhabited
# Midway
-#
-# From Mark Brader (2005-01-23):
-# [Fallacies and Fantasies of Air Transport History, by R.E.G. Davies,
-# published 1994 by Paladwr Press, McLean, VA, USA; ISBN 0-9626483-5-3]
-# reproduced a Pan American Airways timetable from 1936, for their weekly
-# "Orient Express" flights between San Francisco and Manila, and connecting
-# flights to Chicago and the US East Coast. As it uses some time zone
-# designations that I've never seen before:....
-# Fri. 6:30A Lv. HONOLOLU (Pearl Harbor), H.I. H.L.T. Ar. 5:30P Sun.
-# " 3:00P Ar. MIDWAY ISLAND . . . . . . . . . M.L.T. Lv. 6:00A "
-#
-Zone Pacific/Midway -11:49:28 - LMT 1901
- -11:00 - NST 1956 Jun 3
- -11:00 1:00 NDT 1956 Sep 2
- -11:00 - NST 1967 Apr # N=Nome
- -11:00 - BST 1983 Nov 30 # B=Bering
- -11:00 - SST # S=Samoa
+# See Pacific/Pago_Pago.
# Palmyra
# uninhabited since World War II; was probably like Pacific/Kiritimati
--- ./jdk/test/sun/util/calendar/zi/tzdata/backward Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/backward Tue Jun 02 13:49:09 2015 +0300
@@ -43,6 +43,7 @@
Link America/Indiana/Knox America/Knox_IN
Link America/Kentucky/Louisville America/Louisville
Link America/Argentina/Mendoza America/Mendoza
+Link America/Toronto America/Montreal
Link America/Rio_Branco America/Porto_Acre
Link America/Argentina/Cordoba America/Rosario
Link America/Denver America/Shiprock
--- ./jdk/test/sun/util/calendar/zi/tzdata/europe Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/europe Tue Jun 02 13:49:09 2015 +0300
@@ -99,7 +99,7 @@
# 1:00:14 SET Swedish (1879-1899)*
# 2:00 EET EEST Eastern Europe
# 3:00 FET Further-eastern Europe (2011-2014)*
-# 3:00 MSK MSD MSM* Moscow
+# 3:00 MSK MSD MSM* Minsk, Moscow
# From Peter Ilieve (1994-12-04),
# The original six [EU members]: Belgium, France, (West) Germany, Italy,
@@ -2423,7 +2423,7 @@
4:00 Russia VOL%sT 1989 Mar 26 2:00s # Volgograd T
3:00 Russia VOL%sT 1991 Mar 31 2:00s
4:00 - VOLT 1992 Mar 29 2:00s
- 3:00 Russia MSK 2011 Mar 27 2:00s
+ 3:00 Russia MSK/MSD 2011 Mar 27 2:00s
4:00 - MSK 2014 Oct 26 2:00s
3:00 - MSK
--- ./jdk/test/sun/util/calendar/zi/tzdata/northamerica Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/northamerica Tue Jun 02 13:49:09 2015 +0300
@@ -250,9 +250,14 @@
# The law doesn't give abbreviations.
#
# From Paul Eggert (2000-01-08), following a heads-up from Rives McDow:
-# Public law 106-564 (2000-12-23) introduced the abbreviation
-# "Chamorro Standard Time" for time in Guam and the Northern Marianas.
-# See the file "australasia".
+# Public law 106-564 (2000-12-23) introduced ... "Chamorro Standard Time"
+# for time in Guam and the Northern Marianas. See the file "australasia".
+#
+# From Paul Eggert (2015-04-17):
+# HST and HDT are standardized abbreviations for Hawaii-Aleutian
+# standard and daylight times. See section 9.47 (p 234) of the
+# U.S. Government Printing Office Style Manual (2008)
+# http://www.gpo.gov/fdsys/pkg/GPO-STYLEMANUAL-2008/pdf/GPO-STYLEMANUAL-2008.pdf
# From Arthur David Olson, 2005-08-09
# The following was signed into law on 2005-08-08.
@@ -559,7 +564,7 @@
-11:00 - BST 1969
-11:00 US B%sT 1983 Oct 30 2:00
-10:00 US AH%sT 1983 Nov 30
- -10:00 US HA%sT
+ -10:00 US H%sT
# The following switches don't quite make our 1970 cutoff.
#
# Shanks writes that part of southwest Alaska (e.g. Aniak)
@@ -1354,14 +1359,9 @@
# Quebec
-# From Paul Eggert (2013-08-30):
-# Since 1970 most of Quebec has been like Toronto.
-# However, because earlier versions of the tz database mistakenly relied on data
-# from Shanks & Pottenger saying that Quebec differed from Ontario after 1970,
-# a separate entry was created for most of Quebec. We're loath to lose
-# its pre-1970 info, even though the tz database is normally limited to
-# zones that differ after 1970, so keep this otherwise out-of-scope entry.
-
+# From Paul Eggert (2015-03-24):
+# See America/Toronto for most of Quebec, including Montreal.
+#
# Matthews and Vincent (1998) also write that Quebec east of the -63
# meridian is supposed to observe AST, but residents as far east as
# Natashquan use EST/EDT, and residents east of Natashquan use AST.
@@ -1375,39 +1375,10 @@
# For lack of better info, guess this practice began around 1970, contra to
# Shanks & Pottenger who have this region observing AST/ADT.
-# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Mont 1917 only - Mar 25 2:00 1:00 D
-Rule Mont 1917 only - Apr 24 0:00 0 S
-Rule Mont 1919 only - Mar 31 2:30 1:00 D
-Rule Mont 1919 only - Oct 25 2:30 0 S
-Rule Mont 1920 only - May 2 2:30 1:00 D
-Rule Mont 1920 1922 - Oct Sun>=1 2:30 0 S
-Rule Mont 1921 only - May 1 2:00 1:00 D
-Rule Mont 1922 only - Apr 30 2:00 1:00 D
-Rule Mont 1924 only - May 17 2:00 1:00 D
-Rule Mont 1924 1926 - Sep lastSun 2:30 0 S
-Rule Mont 1925 1926 - May Sun>=1 2:00 1:00 D
-Rule Mont 1927 1937 - Apr lastSat 24:00 1:00 D
-Rule Mont 1927 1937 - Sep lastSat 24:00 0 S
-Rule Mont 1938 1940 - Apr lastSun 0:00 1:00 D
-Rule Mont 1938 1939 - Sep lastSun 0:00 0 S
-Rule Mont 1946 1973 - Apr lastSun 2:00 1:00 D
-Rule Mont 1945 1948 - Sep lastSun 2:00 0 S
-Rule Mont 1949 1950 - Oct lastSun 2:00 0 S
-Rule Mont 1951 1956 - Sep lastSun 2:00 0 S
-Rule Mont 1957 1973 - Oct lastSun 2:00 0 S
-
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone America/Blanc-Sablon -3:48:28 - LMT 1884
-4:00 Canada A%sT 1970
-4:00 - AST
-Zone America/Montreal -4:54:16 - LMT 1884
- -5:00 Mont E%sT 1918
- -5:00 Canada E%sT 1919
- -5:00 Mont E%sT 1942 Feb 9 2:00s
- -5:00 Canada E%sT 1946
- -5:00 Mont E%sT 1974
- -5:00 Canada E%sT
# Ontario
@@ -1898,17 +1869,115 @@
# Dawson switched to PST in 1973. Inuvik switched to MST in 1979.
# Mathew Englander (1996-10-07) gives the following refs:
# * 1967. Paragraph 28(34)(g) of the Interpretation Act, S.C. 1967-68,
-# c. 7 defines Yukon standard time as UTC-9. This is still valid;
+# c. 7 defines Yukon standard time as UTC-9....
# see Interpretation Act, R.S.C. 1985, c. I-21, s. 35(1).
+# [http://canlii.ca/t/7vhg]
# * C.O. 1973/214 switched Yukon to PST on 1973-10-28 00:00.
# * O.I.C. 1980/02 established DST.
# * O.I.C. 1987/056 changed DST to Apr firstSun 2:00 to Oct lastSun 2:00.
-# Shanks & Pottenger say Yukon's 1973-10-28 switch was at 2:00; go
-# with Englander.
-# From Chris Walton (2006-06-26):
-# Here is a link to the old daylight saving portion of the interpretation
-# act which was last updated in 1987:
-# http://www.gov.yk.ca/legislation/regs/oic1987_056.pdf
+
+# From Brian Inglis (2015-04-14):
+#
+# I tried to trace the history of Yukon time and found the following
+# regulations, giving the reference title and URL if found, regulation name,
+# and relevant quote if available. Each regulation specifically revokes its
+# predecessor. The final reference is to the current Interpretation Act
+# authorizing and resulting from these regulatory changes.
+#
+# Only recent regulations were retrievable via Yukon government site search or
+# index, and only some via Canadian legal sources. Other sources used include
+# articles titled "Standard Time and Time Zones in Canada" from JRASC via ADS
+# Abstracts, cited by ADO for 1932 ..., and updated versions from 1958 and
+# 1970 quoted below; each article includes current extracts from provincial
+# and territorial ST and DST regulations at the end, summaries and details of
+# standard times and daylight saving time at many locations across Canada,
+# with time zone maps, tables and calculations for Canadian Sunrise, Sunset,
+# and LMST; they also cover many countries and global locations, with a chart
+# and table showing current Universal Time offsets, and may be useful as
+# another source of information for 1970 and earlier.
+#
+# * Standard Time and Time Zones in Canada; Smith, C.C.; JRASC, Vol. 26,
+# pp.49-77; February 1932; SAO/NASA Astrophysics Data System (ADS)
+# http://adsabs.harvard.edu/abs/1932JRASC..26...49S from p.75:
+# Yukon Interpretation Ordinance
+# Yukon standard time is the local mean time at the one hundred and
+# thirty-fifth meridian.
+#
+# * Standard Time and Time Zones in Canada; Smith, C.C.; Thomson, Malcolm M.;
+# JRASC, Vol. 52, pp.193-223; October 1958; SAO/NASA Astrophysics Data System
+# (ADS) http://adsabs.harvard.edu/abs/1958JRASC..52..193S from pp.220-1:
+# Yukon Interpretation Ordinance, 1955, Chap. 16.
+#
+# (1) Subject to this section, standard time shall be reckoned as nine
+# hours behind Greenwich Time and called Yukon Standard Time.
+#
+# (2) Notwithstanding subsection (1), the Commissioner may make regulations
+# varying the manner of reckoning standard time.
+#
+# * Yukon Territory Commissioner's Order 1966-20 Interpretation Ordinance
+# http://? - no online source found
+#
+# * Standard Time and Time Zones in Canada; Thomson, Malcolm M.; JRASC,
+# Vol. 64, pp.129-162; June 1970; SAO/NASA Astrophysics Data System (ADS)
+# http://adsabs.harvard.edu/abs/1970JRASC..64..129T from p.156: Yukon
+# Territory Commissioner's Order 1967-59 Interpretation Ordinance ...
+#
+# 1. Commissioner's Order 1966-20 dated at Whitehorse in the Yukon
+# Territory on 27th January, 1966, is hereby revoked.
+#
+# 2. Yukon (East) Standard Time as defined by section 36 of the
+# Interpretation Ordinance from and after mid-night on the 28th day of May,
+# 1967 shall be reckoned in the same manner as Pacific Standard Time, that
+# is to say, eight hours behind Greenwich Time in the area of the Yukon
+# Territory lying east of the 138th degree longitude west.
+#
+# 3. In the remainder of the Territory, lying west of the 138th degree
+# longitude west, Yukon (West) Standard Time shall be reckoned as nine
+# hours behind Greenwich Time.
+#
+# * Yukon Standard Time defined as Pacific Standard Time, YCO 1973/214
+# http://www.canlii.org/en/yk/laws/regu/yco-1973-214/latest/yco-1973-214.html
+# C.O. 1973/214 INTERPRETATION ACT ...
+#
+# 1. Effective October 28, 1973 Commissioner's Order 1967/59 is hereby
+# revoked.
+#
+# 2. Yukon Standard Time as defined by section 36 of the Interpretation
+# Act from and after midnight on the twenty-eighth day of October, 1973
+# shall be reckoned in the same manner as Pacific Standard Time, that is
+# to say eight hours behind Greenwich Time.
+#
+# * O.I.C. 1980/02 INTERPRETATION ACT
+# http://? - no online source found
+#
+# * Yukon Daylight Saving Time, YOIC 1987/56
+# http://www.canlii.org/en/yk/laws/regu/yoic-1987-56/latest/yoic-1987-56.html
+# O.I.C. 1987/056 INTERPRETATION ACT ...
+#
+# In every year between
+# (a) two o'clock in the morning in the first Sunday in April, and
+# (b) two o'clock in the morning in the last Sunday in October,
+# Standard Time shall be reckoned as seven hours behind Greenwich Time and
+# called Yukon Daylight Saving Time.
+# ...
+# Dated ... 9th day of March, A.D., 1987.
+#
+# * Yukon Daylight Saving Time 2006, YOIC 2006/127
+# http://www.canlii.org/en/yk/laws/regu/yoic-2006-127/latest/yoic-2006-127.html
+# O.I.C. 2006/127 INTERPRETATION ACT ...
+#
+# 1. In Yukon each year the time for general purposes shall be 7 hours
+# behind Greenwich mean time during the period commencing at two o'clock
+# in the forenoon on the second Sunday of March and ending at two o'clock
+# in the forenoon on the first Sunday of November and shall be called
+# Yukon Daylight Saving Time.
+#
+# 2. Order-in-Council 1987/56 is revoked.
+#
+# 3. This order comes into force January 1, 2007.
+#
+# * Interpretation Act, RSY 2002, c 125
+# http://www.canlii.org/en/yk/laws/stat/rsy-2002-c-125/latest/rsy-2002-c-125.html
# From Rives McDow (1999-09-04):
# Nunavut ... moved ... to incorporate the whole territory into one time zone.
@@ -2134,7 +2203,7 @@
-7:00 NT_YK M%sT 1980
-7:00 Canada M%sT
Zone America/Whitehorse -9:00:12 - LMT 1900 Aug 20
- -9:00 NT_YK Y%sT 1966 Jul 1 2:00
+ -9:00 NT_YK Y%sT 1967 May 28 0:00
-8:00 NT_YK P%sT 1980
-8:00 Canada P%sT
Zone America/Dawson -9:17:40 - LMT 1900 Aug 20
@@ -2335,8 +2404,24 @@
# "...the new time zone will come into effect at two o'clock on the first Sunday
# of February, when we will have to advance the clock one hour from its current
# time..."
+# Also, the new zone will not use DST.
#
-# Also, the new zone will not use DST.
+# From Carlos Raúl Perasso (2015-02-02):
+# The decree that modifies the Mexican Hour System Law has finally
+# been published at the Diario Oficial de la Federación
+# http://www.dof.gob.mx/nota_detalle.php?codigo=5380123&fecha=31/01/2015
+# It establishes 5 zones for Mexico:
+# 1- Zona Centro (Central Zone): Corresponds to longitude 90 W,
+# includes most of Mexico, excluding what's mentioned below.
+# 2- Zona Pacífico (Pacific Zone): Longitude 105 W, includes the
+# states of Baja California Sur; Chihuahua; Nayarit (excluding Bahía
+# de Banderas which lies in Central Zone); Sinaloa and Sonora.
+# 3- Zona Noroeste (Northwest Zone): Longitude 120 W, includes the
+# state of Baja California.
+# 4- Zona Sureste (Southeast Zone): Longitude 75 W, includes the state
+# of Quintana Roo.
+# 5- The islands, reefs and keys shall take their timezone from the
+# longitude they are located at.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
Rule Mexico 1939 only - Feb 5 0:00 1:00 D
@@ -2531,14 +2616,9 @@
###############################################################################
# Anguilla
+# Antigua and Barbuda
# See America/Port_of_Spain.
-# Antigua and Barbuda
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone America/Antigua -4:07:12 - LMT 1912 Mar 2
- -5:00 - EST 1951
- -4:00 - AST
-
# Bahamas
#
# For 1899 Milne gives -5:09:29.5; round that.
@@ -2604,10 +2684,7 @@
-4:00 US A%sT
# Cayman Is
-# Zone NAME GMTOFF RULES FORMAT [UNTIL]
-Zone America/Cayman -5:25:32 - LMT 1890 # Georgetown
- -5:07:11 - KMT 1912 Feb # Kingston Mean Time
- -5:00 - EST
+# See America/Panama.
# Costa Rica
@@ -3130,6 +3207,7 @@
Zone America/Panama -5:18:08 - LMT 1890
-5:19:36 - CMT 1908 Apr 22 # Colón Mean Time
-5:00 - EST
+Link America/Panama America/Cayman
# Puerto Rico
# There are too many San Juans elsewhere, so we'll use 'Puerto_Rico'.
--- ./jdk/test/sun/util/calendar/zi/tzdata/southamerica Thu Feb 05 13:00:26 2015 +0100
+++ ./jdk/test/sun/util/calendar/zi/tzdata/southamerica Tue Jun 02 13:49:09 2015 +0300
@@ -1121,6 +1121,60 @@
# Chile
+# From Paul Eggert (2015-04-03):
+# Shanks & Pottenger says America/Santiago introduced standard time in
+# 1890 and rounds its UTC offset to 70W40; guess that in practice this
+# was the same offset as in 1916-1919. It also says Pacific/Easter
+# standardized on 109W22 in 1890; assume this didn't change the clocks.
+#
+# Dates for America/Santiago from 1910 to 2004 are primarily from
+# the following source, cited by Oscar van Vlijmen (2006-10-08):
+# [1] Chile Law
+# http://www.webexhibits.org/daylightsaving/chile.html
+# This contains a copy of a this official table:
+# Cambios en la hora oficial de Chile desde 1900 (retrieved 2008-03-30)
+# http://web.archive.org/web/20080330200901/http://www.horaoficial.cl/cambio.htm
+# [1] needs several corrections, though.
+#
+# The first set of corrections is from:
+# [2] History of the Official Time of Chile
+# http://www.horaoficial.cl/ing/horaof_ing.html (retrieved 2012-03-06). See:
+# http://web.archive.org/web/20120306042032/http://www.horaoficial.cl/ing/horaof_ing.html
+# This is an English translation of:
+# Historia de la hora oficial de Chile (retrieved 2012-10-24). See:
+# http://web.archive.org/web/20121024234627/http://www.horaoficial.cl/horaof.htm
+# A fancier Spanish version (requiring mouse-clicking) is at:
+# http://www.horaoficial.cl/historia_hora.html
+# Conflicts between [1] and [2] were resolved as follows:
+#
+# - [1] says the 1910 transition was Jan 1, [2] says Jan 10 and cites
+# Boletín Nº 1, Aviso Nº 1 (1910). Go with [2].
+#
+# - [1] says SMT was -4:42:45, [2] says Chile's official time from
+# 1916 to 1919 was -4:42:46.3, the meridian of Chile's National
+# Astronomical Observatory (OAN), then located in what is now
+# Quinta Normal in Santiago. Go with [2], rounding it to -4:42:46.
+#
+# - [1] says the 1918 transition was Sep 1, [2] says Sep 10 and cites
+# Boletín Nº 22, Aviso Nº 129/1918 (1918-08-23). Go with [2].
+#
+# - [1] does not give times for transitions; assume they occur
+# at midnight mainland time, the current common practice. However,
+# go with [2]'s specification of 23:00 for the 1947-05-21 transition.
+#
+# Another correction to [1] is from Jesper Nørgaard Welen, who
+# wrote (2006-10-08), "I think that there are some obvious mistakes in
+# the suggested link from Oscar van Vlijmen,... for instance entry 66
+# says that GMT-4 ended 1990-09-12 while entry 67 only begins GMT-3 at
+# 1990-09-15 (they should have been 1990-09-15 and 1990-09-16
+# respectively), but anyhow it clears up some doubts too."
+#
+# Data for Pacific/Easter from 1910 through 1967 come from Shanks &
+# Pottenger. After that, for lack of better info assume
+# Pacific/Easter is always two hours behind America/Santiago;
+# this is known to work for DST transitions starting in 2008 and
+# may well be true for earlier transitions.
+
# From Eduardo Krell (1995-10-19):
# The law says to switch to DST at midnight [24:00] on the second SATURDAY
# of October.... The law is the same for March and October.
@@ -1133,78 +1187,35 @@
# Because of the same drought, the government decided to end DST later,
# on April 3, (one-time change).
-# From Oscar van Vlijmen (2006-10-08):
-# http://www.horaoficial.cl/cambio.htm
-
-# From Jesper Nørgaard Welen (2006-10-08):
-# I think that there are some obvious mistakes in the suggested link
-# from Oscar van Vlijmen,... for instance entry 66 says that GMT-4
-# ended 1990-09-12 while entry 67 only begins GMT-3 at 1990-09-15
-# (they should have been 1990-09-15 and 1990-09-16 respectively), but
-# anyhow it clears up some doubts too.
-
-# From Paul Eggert (2014-08-12):
-# The following data entries for Chile and America/Santiago are from
-# (2006-09-20), transcribed by
-# Jesper Nørgaard Welen. The data entries for Pacific/Easter are from Shanks
-# & Pottenger, except with DST transitions after 1932 cloned from
-# America/Santiago. The pre-1980 Pacific/Easter data entries are dubious,
-# but we have no other source.
-
# From Germán Poo-Caamaño (2008-03-03):
# Due to drought, Chile extends Daylight Time in three weeks. This
# is one-time change (Saturday 3/29 at 24:00 for America/Santiago
# and Saturday 3/29 at 22:00 for Pacific/Easter)
# The Supreme Decree is located at
# http://www.shoa.cl/servicios/supremo316.pdf
-# and the instructions for 2008 are located in:
-# http://www.horaoficial.cl/cambio.htm
-
+#
# From José Miguel Garrido (2008-03-05):
-# ...
-# You could see the announces of the change on
# http://www.shoa.cl/noticias/2008/04hora/hora.htm
# From Angel Chiang (2010-03-04):
# Subject: DST in Chile exceptionally extended to 3 April due to earthquake
# http://www.gobiernodechile.cl/viewNoticia.aspx?idArticulo=30098
-# (in Spanish, last paragraph).
#
-# This is breaking news. There should be more information available later.
-
# From Arthur David Olson (2010-03-06):
# Angel Chiang's message confirmed by Julio Pacheco; Julio provided a patch.
-# From Glenn Eychaner (2011-03-02):
-# It appears that the Chilean government has decided to postpone the
-# change from summer time to winter time again, by three weeks to April
-# 2nd:
-# http://www.emol.com/noticias/nacional/detalle/detallenoticias.asp?idnoticia=467651
-#
-# This is not yet reflected in the official "cambio de hora" site, but
-# probably will be soon:
-# http://www.horaoficial.cl/cambio.htm
-
-# From Arthur David Olson (2011-03-02):
-# The emol.com article mentions a water shortage as the cause of the
-# postponement, which may mean that it's not a permanent change.
-
# From Glenn Eychaner (2011-03-28):
-# The article:
# http://diario.elmercurio.com/2011/03/28/_portada/_portada/noticias/7565897A-CA86-49E6-9E03-660B21A4883E.htm?id=3D{7565897A-CA86-49E6-9E03-660B21A4883E}
-#
# In English:
# Chile's clocks will go back an hour this year on the 7th of May instead
# of this Saturday. They will go forward again the 3rd Saturday in
-# August, not in October as they have since 1968. This is a pilot plan
-# which will be reevaluated in 2012.
+# August, not in October as they have since 1968.
# From Mauricio Parada (2012-02-22), translated by Glenn Eychaner (2012-02-23):
# As stated in the website of the Chilean Energy Ministry
# http://www.minenergia.cl/ministerio/noticias/generales/gobierno-anuncia-fechas-de-cambio-de.html
# The Chilean Government has decided to postpone the entrance into winter time
-# (to leave DST) from March 11 2012 to April 28th 2012. The decision has not
-# been yet formalized but it will within the next days.
+# (to leave DST) from March 11 2012 to April 28th 2012....
# Quote from the website communication:
#
# 6. For the year 2012, the dates of entry into winter time will be as follows:
@@ -1229,22 +1240,17 @@
# DST Start: first Saturday of September 2014 (Sun 07 Sep 2014 04:00 UTC)
# http://www.diariooficial.interior.gob.cl//media/2014/02/19/do-20140219.pdf
-# From Juan Correa (2015-01-28):
-# ... today the Ministry of Energy announced that Chile will drop DST, will keep
-# "summer time" (UTC -3 / UTC -5) all year round....
-# http://www.minenergia.cl/ministerio/noticias/generales/ministerio-de-energia-anuncia.html
-
-# NOTE: ChileAQ rules for Antarctic bases are stored separately in the
-# 'antarctica' file.
+# From Eduardo Romero Urra (2015-03-03):
+# Today has been published officially that Chile will use the DST time
+# permanently until March 25 of 2017
+# http://www.diariooficial.interior.gob.cl/media/2015/03/03/1-large.jpg
+#
+# From Paul Eggert (2015-03-03):
+# For now, assume that the extension will persist indefinitely.
# Rule NAME FROM TO TYPE IN ON AT SAVE LETTER/S
-Rule Chile 1927 1932 - Sep 1 0:00 1:00 S
+Rule Chile 1927 1931 - Sep 1 0:00 1:00 S
Rule Chile 1928 1932 - Apr 1 0:00 0 -
-Rule Chile 1942 only - Jun 1 4:00u 0 -
-Rule Chile 1942 only - Aug 1 5:00u 1:00 S
-Rule Chile 1946 only - Jul 15 4:00u 1:00 S
-Rule Chile 1946 only - Sep 1 3:00u 0:00 -
-Rule Chile 1947 only - Apr 1 4:00u 0 -
Rule Chile 1968 only - Nov 3 4:00u 1:00 S
Rule Chile 1969 only - Mar 30 3:00u 0 -
Rule Chile 1969 only - Nov 23 4:00u 1:00 S
@@ -1255,10 +1261,8 @@
Rule Chile 1973 only - Sep 30 4:00u 1:00 S
Rule Chile 1974 1987 - Oct Sun>=9 4:00u 1:00 S
Rule Chile 1987 only - Apr 12 3:00u 0 -
-Rule Chile 1988 1989 - Mar Sun>=9 3:00u 0 -
-Rule Chile 1988 only - Oct Sun>=1 4:00u 1:00 S
-Rule Chile 1989 only - Oct Sun>=9 4:00u 1:00 S
-Rule Chile 1990 only - Mar 18 3:00u 0 -
+Rule Chile 1988 1990 - Mar Sun>=9 3:00u 0 -
+Rule Chile 1988 1989 - Oct Sun>=9 4:00u 1:00 S
Rule Chile 1990 only - Sep 16 4:00u 1:00 S
Rule Chile 1991 1996 - Mar Sun>=9 3:00u 0 -
Rule Chile 1991 1997 - Oct Sun>=9 4:00u 1:00 S
@@ -1281,17 +1285,23 @@
# (1996-09) says 1998-03-08. Ignore these.
# Zone NAME GMTOFF RULES FORMAT [UNTIL]
Zone America/Santiago -4:42:46 - LMT 1890
- -4:42:46 - SMT 1910 # Santiago Mean Time
+ -4:42:46 - SMT 1910 Jan 10 # Santiago Mean Time
-5:00 - CLT 1916 Jul 1 # Chile Time
- -4:42:46 - SMT 1918 Sep 1 # Santiago Mean Time
- -4:00 - CLT 1919 Jul 1 # Chile Time
- -4:42:46 - SMT 1927 Sep 1 # Santiago Mean Time
- -5:00 Chile CL%sT 1947 May 22 # Chile Time
+ -4:42:46 - SMT 1918 Sep 10
+ -4:00 - CLT 1919 Jul 1
+ -4:42:46 - SMT 1927 Sep 1
+ -5:00 Chile CL%sT 1932 Sep 1
+ -4:00 - CLT 1942 Jun 1
+ -5:00 - CLT 1942 Aug 1
+ -4:00 - CLT 1946 Jul 15
+ -4:00 1:00 CLST 1946 Sep 1 # central Chile
+ -4:00 - CLT 1947 Apr 1
+ -5:00 - CLT 1947 May 21 23:00
-4:00 Chile CL%sT 2015 Apr 26 3:00u
-3:00 - CLT
-Zone Pacific/Easter -7:17:44 - LMT 1890
+Zone Pacific/Easter -7:17:28 - LMT 1890
-7:17:28 - EMT 1932 Sep # Easter Mean Time
- -7:00 Chile EAS%sT 1982 Mar 13 3:00u # Easter Time
+ -7:00 Chile EAS%sT 1982 Mar 14 3:00u # Easter Time
-6:00 Chile EAS%sT 2015 Apr 26 3:00u
-5:00 - EAST
#
@@ -1299,6 +1309,25 @@
# Other Chilean locations, including Juan Fernández Is, Desventuradas Is,
# and Antarctic bases, are like America/Santiago.
+# Antarctic base using South American rules
+# (See the file 'antarctica' for more.)
+#
+# Palmer, Anvers Island, since 1965 (moved 2 miles in 1968)
+#
+# From Ethan Dicks (1996-10-06):
+# It keeps the same time as Punta Arenas, Chile, because, just like us
+# and the South Pole, that's the other end of their supply line....
+# I verified with someone who was there that since 1980,
+# Palmer has followed Chile. Prior to that, before the Falklands War,
+# Palmer used to be supplied from Argentina.
+#
+# Zone NAME GMTOFF RULES FORMAT [UNTIL]
+Zone Antarctica/Palmer 0 - zzz 1965
+ -4:00 Arg AR%sT 1969 Oct 5
+ -3:00 Arg AR%sT 1982 May
+ -4:00 Chile CL%sT 2015 Apr 26 3:00u
+ -3:00 - CLT
+
# Colombia
# Milne gives 4:56:16.4 for Bogotá time in 1899; round to nearest. He writes,
@@ -1626,6 +1655,7 @@
# These all agree with Trinidad and Tobago since 1970.
Link America/Port_of_Spain America/Anguilla
+Link America/Port_of_Spain America/Antigua
Link America/Port_of_Spain America/Dominica
Link America/Port_of_Spain America/Grenada
Link America/Port_of_Spain America/Guadeloupe
--- ./langtools/.hgtags Tue Mar 17 11:25:42 2015 -0700
+++ ./langtools/.hgtags Mon Jun 01 11:44:19 2015 -0700
@@ -352,6 +352,7 @@
7a34ec7bb1c831e82ac88da578a028572b676260 jdk8u31-b13
b813a76f10911ac8db2c775e52b29f36ab0005f4 jdk8u31-b31
8dc0c7e42d90c9f323582b742a7f228bad57b124 jdk8u31-b32
+f75e26a5c3acc1ca9f5035dbfc4a40710d354dff jdk8u31-b33
d231957fe3103e790465fcf058fb8cb33bbc4c4e jdk8u40-b00
bf89a471779d13a9407f7d1c86f7716258bc4aa6 jdk8u40-b01
0b6cc4ea670f5d17b56c088f202869bdbb80a5ce jdk8u40-b02
@@ -380,6 +381,8 @@
991141080b2078e67179ff307a5051e59431762c jdk8u40-b25
2904142783dd0a9e12195a84c7dcdb3d8278b1b1 jdk8u40-b26
83eca922346e27ec42645e9630c04fbaec5eaf0f jdk8u40-b27
+d727ca30ce3c1b97ed9acd7380f8e4cf41813ffa jdk8u40-b31
+cc9fc1abb5aeffe2b6123c392a5c602a0ba75368 jdk8u40-b32
dbae37f50c43453f7d6f22d96adc8b5b6cd1e90d jdk8u45-b00
244e6dc772877dfae6286530f58e11a210a48a3c jdk8u45-b01
401ec76887623a29d3f868f9f9b18b42838d2e92 jdk8u45-b02
@@ -394,3 +397,23 @@
0547ef2be3b303923b30ce78e1ab832725483f4e jdk8u45-b11
4f89bbda7b4532b9f6eeee8c41b7a3b38570ae93 jdk8u45-b12
5ce022bca792453a7efedaed419a9d763d7a9fc3 jdk8u45-b13
+847af465a5425e2caa1f1d7a09efec3b3f31b323 jdk8u45-b14
+ebe1e9d17713e45d157b48b9a31c5c2d077c7970 jdk8u45-b15
+10fae8059bb210df1624b827a3895ccc455e3c64 jdk8u45-b31
+e0b8d79bef0c01d77453579b1d36e926892c774b jdk8u45-b32
+ac1c3ae884633c2ec3881816977023fc44919c66 jdk8u51-b00
+565167bf31eab083c306dfe11c947e59f4f4ee72 jdk8u51-b01
+2078bad2444c509a63a539f3bbe1db0f36513c9e jdk8u51-b02
+30124dd95dc07edf3340c98d5af2a5a254b233b5 jdk8u51-b03
+9cb46d0c0d5932f1e52f1f06f015a9a5c1190bc2 jdk8u51-b04
+412ac274e12075e1a774f9b971ce019bcc2e1435 jdk8u51-b05
+7c65f509ca37c7b45c9762841cc280f572686c70 jdk8u51-b06
+b40a953cbc4dbcd87e56b9f9e006ab048d0deaa1 jdk8u51-b07
+858a7fc598d0baa0949a525fadfe912efd15b459 jdk8u51-b08
+90def0a14f4ad8c99fcda34f2745b6158823e21c jdk8u51-b09
+417f734de62d74c69e3a8465340bfb3aca60151a jdk8u51-b10
+8ac1243890d4f427a32320b81ae1be38f81f0c62 jdk8u51-b11
+f65c2fc549b5e9184da67e3a4f81260c27a88010 jdk8u51-b12
+3836d67a94a92befedd97064358270c6f0760e5c jdk8u51-b13
+f3a44c7deac2b23a53f0fd35b22a5d9181291616 jdk8u51-b14
+f77e8d012e8d6ee3432515ad68dd4f630dd08d56 jdk8u51-b15
--- ./nashorn/.hgtags Tue Mar 17 11:25:52 2015 -0700
+++ ./nashorn/.hgtags Mon Jun 01 11:44:30 2015 -0700
@@ -340,6 +340,7 @@
ec36fa3b35eb00f053d624ae837579c6b8e446ac jdk8u31-b13
34a64e22b81bd78cf29603a80ff1f4cfc1694df8 jdk8u31-b31
d2b5784a3452a4fd9d1ccfefe93ee2d36662842c jdk8u31-b32
+c6dd08613a440ed8d0f1b14b85911d6f3826e1d4 jdk8u31-b33
f2925491b61b22ac42f8c30ee9c6723ffa401a4c jdk8u40-b00
62468d841b842769d875bd97d10370585c296eb7 jdk8u40-b01
b476c69c820ac1e05071f4de5abab8e2dff80e87 jdk8u40-b02
@@ -368,6 +369,8 @@
fb7b6c2b95c5661f15e8e747a63ec6d95d49fe46 jdk8u40-b25
b142a2d8e35e54abb08a7ded1dbfb5d7ce534c93 jdk8u40-b26
c2dd88e89edc85b1bcb731d3296d0fcec1b78447 jdk8u40-b27
+e05552220ba82e465a1abfee90224b5b247e37bc jdk8u40-b31
+e1cc0fe0fd50fc4582e729897d7095ffce0f97ad jdk8u40-b32
05a3614ed5276e5db2a73cce918be04b1a2922fb jdk8u45-b00
21ec16eb7e6346c78b4fa67ccd6d2a9c58f0b696 jdk8u45-b01
37b3ef9a07323afd2556d6837824db154cccc874 jdk8u45-b02
@@ -382,3 +385,23 @@
6ae873ddbe195aa966fc348e468c0ecd2702f5e3 jdk8u45-b11
9b9fee0f99cd07fba62abaafe705665a5ab89067 jdk8u45-b12
6fda38586f73de706ecde311711a587ac49d51d8 jdk8u45-b13
+d5477c6d1678547a9338707adc4b81d35c280454 jdk8u45-b14
+ea15c34524408bbd2fa2886e5ec5d7995d8e236a jdk8u45-b15
+d1c1e084430027bffb5bbb1b288660fbdb86627b jdk8u45-b31
+67dc09b4965989a65a97e0bfec73338cd4763f2a jdk8u45-b32
+2d1c01990ebd896f81f511aabf1e53cbe1fda11f jdk8u51-b00
+4323de82a85c378b08e24601b8f3cec6aafda6f4 jdk8u51-b01
+5ee412753fa08a1e9fa15221c4253886e822a94e jdk8u51-b02
+a6d6f7cf488c1e57df9e9f724547c0e0eae2ad9e jdk8u51-b03
+7512eafda1f90fbf6837dd29ae7585b19b9fbe3a jdk8u51-b04
+04aae4de5c5e2b1c51725a7181afa0085a78d7ee jdk8u51-b05
+a03caffca13caafe4e0a14b5c6cee333bdfce67c jdk8u51-b06
+8814ac4bd7bc1cf87b40f036dc306185343ddb76 jdk8u51-b07
+7fa927b4a47ab76204ec2befe3b8f52336c0a291 jdk8u51-b08
+77cee35f987167f6e97cc8f2b09349e743e7a9e7 jdk8u51-b09
+1480e27e4af65e809c1a5cc0310616c2c68392f2 jdk8u51-b10
+6e95b9bb2f67d4a77d28e5aa3c07281fc8424823 jdk8u51-b11
+bf2fe867628bf323262377f8312c85f440a9b246 jdk8u51-b12
+1ecbb6d582a6ccf9e0f6e359a925155c8c580bac jdk8u51-b13
+e9d85a30fd08425904a400add72212a010381aa8 jdk8u51-b14
+4cbc78843829b3f6de43b3c056565834008419a6 jdk8u51-b15